Foreword


Government agencies, private sector organizations, and individual citizens
are increasingly using sophisticated communications and computer technology
to store, process, and transmit valuable information. The need to protect the
confidentiality and integrity of such data has become vital. This report
examines Federal policies directed at protecting information, particularly in
electronic communications systems.

Controversy has been growing over the appropriate role of the government 
in serving private sector needs for standards development and, particularly, over 
the appropriate balance of responsibilities between defense/intelligence agencies 
and civilian agencies in carrying out this role. In defining these roles and striking 
an appropriate balance, both private sector needs, rights, and responsibilities, on 
one hand, and national security interests, on the other hand, need to be carefully 
considered. 

This report examines the vulnerability of communications and computer
systems, and the trends in technology for safeguarding information in these
systems. It reviews the primary activities and motivations of stakeholders
such as banks, government agencies, vendors, and standards developers to
generate and use safeguards. It focuses on issues stemming from possible
conflicts among Federal policy goals and addresses important trends taking
place in the private sector.

OTA prepared the report at the request of the House Committee on Government
Operations and the Subcommittee on Civil and Constitutional Rights of the
House Committee on the Judiciary. It is the second component of OTA's
assessment of new communications technologies. The first component, The
Electronic Supervisor: New Technologies, New Tensions, was published in
September, 1987.

In preparing this report, OTA drew upon studies conducted by OTA project
staff, contractor reports and consultants, a technical workshop, interviews
with Federal and private sector representatives, and those involved in
research, manufacturing, financial services, consulting, and technical
standards development. Drafts of this report were reviewed by the OTA
advisory panel, officials of the National Security Agency and the Department
of Defense, the National Bureau of Standards, the General Services
Administration, the Department of the Treasury, and other government
agencies, and by interested individuals in standards setting organizations,
trade associations, and professional and technical associations.

OTA appreciates the participation and contributions of these and many other 
experts. The report itself, however, is solely the responsibility of OTA, 

Chapter 1

Executive Summary 


As society becomes more dependent on computer and communications systems for
the conduct of business, government, and personal affairs, it becomes more
reliant on the confidentiality and integrity of the information these systems
process. Information security has become especially important for
applications where accuracy, authentication, or secrecy are essential.

Today's needs for information security are part of a centuries' long
continuum that shifts in emphasis with changing technology and societal
values. Modern electronic information systems are expanding the need for both
familiar and new forms of information security.


Today's needs for information security are a part of a centuries' long
continuum.


Developing adequate information security technology is a challenging task.
This task is further complicated since some of these evolving needs can only
be satisfied with technology that must itself be kept secret, according to
Department of Defense sources, because revealing it could be damaging to U.S.
intelligence operations.¹ This situation raises the practical question of
whether safeguards designed for use by defense and intelligence agencies can
meet the needs of commercial users without jeopardizing U.S. intelligence
objectives, i.e., whether the National Security Agency (NSA) can reconcile
its traditional secret posture with the openness needed to solve nondefense
problems. It also raises the broader issues of the appropriate role of
defense and intelligence agencies in civilian matters, and how openness and
free market forces can coexist with secret operations and controls on
sensitive information.

¹The terms intelligence and intelligence operations are used throughout this
assessment to refer to signals intelligence.


Policy for information security, long dominated by national security
concerns, is now being reexamined because of its broadening effects on
nondefense interests. At the center of the current controversy is the
appropriate role of the Federal Government in information security. The
immediate policy questions focus on whether NSA, primarily an intelligence
agency, or the National Bureau of Standards (NBS), a civilian agency, should
be responsible for developing information security for nondefense
applications. A fundamental issue is how to resolve conflicts involving the
boundary between the authority of the legislative and executive branches to
make policy when national security is a consideration; a topic with
implications extending well beyond the narrow confines of information
security policy.

A separate, but related dimension to policymaking involves recent efforts to
provide additional Government controls on unclassified information in
computer databases, some Federal, some commercial. Proponents of greater
Government controls argue that these databases make information so readily
available to foreign governments, competitors, and those having criminal
intent, that uncontrolled access to them is a threat to national security.

Congress is responding to these issues by examining alternative Federal roles
in information security. Each of the three basic options for providing
leadership—through NSA, NBS, or greater reliance on the private sector—has
its own particular drawbacks and none is likely to completely satisfy all
national objectives.

There are a number of national interests to be accommodated by policy makers.
An optimum outcome would maximize the ability of free market forces to
develop and apply technology to meet users' diverse and unfolding needs for
information safeguards, while avoiding unnecessary restrictions on trade,
innovation, and the free flow of information as well as compromises to the
Nation's security.

THE NEED FOR INFORMATION SECURITY


The need for information security has existed for thousands of years, but the
advent of electronic information systems—telegraph and telephone, sound and
image recording, and computers and databases—has reemphasized the need for
traditional safeguards and created a need for new ones. Early concerns tended
to focus on controlling access to information and protecting its
confidentiality.

Modern computer and communications systems are being used in ways that often
require those using them to authenticate the accuracy of data, verify the
identity of senders and receivers, reconstruct the details of transactions,
and control access to sensitive or private data. As the use of these systems
increases, the vulnerabilities, threats, and risks of misuse have become
clearer, and information security has become a prominent issue for many
Government agencies and private users.


Electronic information systems—telegraph and telephone, sound and image
recording, computers and databases—reemphasize the need for traditional
safeguards and create needs for new ones.


The computer and communications technologies on which these information
systems are built, however, were not developed originally with information
security in mind. They were designed for efficient and reliable service in
the presence of accidental error, rather than intentional misuse, and little
attention was given to protecting confidentiality. As one result, the public
communications network has always been vulnerable to exploitation by those
with appropriate resources (see below).

Technology can increase or decrease the vulnerability of communications to
misuse. Microwave radio and cellular telephones have both increased
vulnerability; optical fibers have decreased it. Still greater changes may be
ahead as digital communications come into wider use.


Information security was not a key factor in the design of most computer and
communications systems. As a result, some forms of unauthorized access, such
as wiretaps, intercepting mobile telephone conversations, or logging into
computers with easily guessed passwords, can be achieved with limited
resources.


Increases in computing power and decentralization of computing functions have
increased the vulnerability of computer and communications systems to
unauthorized use. Two types of misuse should be distinguished: misuse by
those not authorized to use or access systems and misuse by authorized users.
For many public and private organizations, the latter problem is of greater
concern.

The level of effort, expense, and technical sophistication needed to gain
unauthorized access to computer or communications systems, even when the
system being attacked employs no special safeguards, can vary widely. Some
forms of covert access, such as wiretaps, intercepting mobile telephone
conversations, or logging into computers with easily guessed passwords, can
be achieved with very limited resources. Others, such as those intended for
targeted and consistently successful unauthorized access, can require greater
resources due to inherent barriers in the design of these systems. Systems
protected by appropriate safeguards can deny access even to dedicated foreign
intelligence agencies.

Users of computer and communications systems have widely different
perceptions of the threats against which protection is needed. Some users
protect their systems only against unintentional error or amateur computer
hackers. Others guard against misuse by their own employees, outsiders, or
the sophisticated intelligence agencies of foreign countries.


Many businesses are concerned with the integrity of certain of their computer
information, but not greatly concerned with threats to the confidentiality of
their domestic communications.


There are few publicized cases of communications interception and most of
these deal with the interception of government communications by foreign
intelligence agencies. Not surprisingly, most commercial and private users,
under ordinary circumstances, are not greatly concerned about their
communications, particularly within the United States, being intercepted by
foreign governments or others. Indeed, many businesses are concerned
primarily with the integrity of certain of their business information and, in
other cases, with the confidentiality of their sensitive information.

Early computer systems were designed to be used by trained operators in
reasonably controlled work environments; therefore, only local access to the
systems was of concern. Today's systems, in contrast, are often designed to
be used by, almost literally, anyone from anywhere. With this ease of access
to computers, new problems have emerged, both from hackers and other
unauthorized users, and from employees authorized to use the systems.
Available data suggest that the damage done by computer hackers to poorly
safeguarded systems is less severe than originally thought, and that actual
and potential misuse from employees who are authorized to use the systems is
far more significant.

On the other hand, NSA is concerned with foreign intelligence gathering, a
concern that has motivated it to launch programs to improve the security of
nondefense computer and communications systems.

Thus, even though virtually all users have concern for some combination of
confidentiality, integrity, and continuity of service, the business community
and the Government agencies that deal with it often have a very different
outlook and need than defense and intelligence agencies when it comes to
safeguarding information in computer and communications systems. This
difference is one reason why some of the business community has been
reluctant to accept safeguard technologies based on NSA's assessment of needs
or that are tightly controlled by NSA.

Safeguard Technology 

The private sector is developing a number of ways to safeguard information in
computer and communications systems. These include technologies to encrypt
data to make it confidential and to control access to computer systems (such
as with personal identification techniques), as well as to audit system
activity and other administrative procedures. In many cases, commercial
safeguards for these systems are still evolving, as are users' understanding
of their needs for them.


Important techniques are emerging to improve the security of information in
these systems including technical means to verify the identities of the
senders of messages, authenticate their accuracy, and ensure confidentiality.


The use of information safeguards, properly applied, can vastly increase the
level of resources required for potential adversaries to successfully gain
access to protected systems. Some safeguards require two or more people,
often trusted employees, to collude in order to gain unauthorized access,
while others leave audit trails to identify how the system was misused and by
whom. But technical safeguards alone cannot protect information systems
completely; effective management policies and administrative procedures are
also needed.


Innovation is especially important for the evolution of new applications of
information security.


Safeguard products are based both on adaptations of existing technology and
on innovations. Some of the approaches to controlling access, for example,
rely on the use of passwords or hand-geometry measurements. Techniques for
authenticating messages include those that make use of newly developed
mathematical techniques called public-key cryptography and electronic
procedures for providing "digital signatures" to verify the identity of the
sender of a message.

As is already becoming clear with cryptography, innovation is especially
important for the evolution of new applications of information security. The
capabilities now evolving will allow advances in the way many electronic
transactions take place, from digital signatures and legally enforceable
electronic contracts to improved individual and corporate accountability and
assured confidentiality of transactions. The potential of cryptography and
related mathematical techniques for transforming the ways in which automated
transactions are accomplished has only begun to be explored for applications
in finance, commerce, law, and government.


Some new safeguard techniques have only begun to be explored, but show
promise for broad applications in commerce and society.



Users' Needs and Actions 

Commercial and other users want greater information security to reduce fraud,
embezzlement, and errors; cut the costs of operations; and protect
proprietary and private data. Users have begun to incorporate information
safeguards in a gradually expanding range of applications. For example,
information security is being applied in the banking industry to reduce
errors and opportunities for fraud, and in other industries as part of an
increasing reliance on electronic, rather than paper-based, transactions.
These electronic transactions allow businesses to simplify paper work and
reduce inventory costs.

Although there are significant differences in the needs for information
security even among users within the same industry, civilian users often
focus on data integrity. They also tend to be especially sensitive to the
importance of the ease of use and cost-effectiveness of safeguards. Many
defense needs, too, resemble those of civilian users, but in addition, some
defense functions, especially intelligence activities, have a primary need
for confidentiality. These latter needs must be ensured, even if they entail
higher cost or lowered ease of use.

Business users have tended to consolidate their requirements for common
information safeguards through voluntary participation in the activities of
U.S. and international organizations that develop open public standards. In
contrast, NSA sets its own standards in a process that is sometimes open to
the public (as is typical for computer security) and sometimes not (as is
typical for communications security). These and other differences raise the
question of whether information safeguards designed by and for the defense
and intelligence agencies are well suited to the needs of commercial and
other users.

THE ROLE OF THE FEDERAL GOVERNMENT


The Federal Government has played an active role in the development of
information safeguards. NSA was established to unify U.S. signals
intelligence operations against foreign communications and to protect U.S.
military, intelligence, and diplomatic communications against foreign
government intelligence gathering efforts. As NSA's concerns expanded to
include computer security, the agency has begun to provide technological
leadership for civilian uses of information safeguards, presumably in ways
that minimize the impact on its foreign intelligence operations.


Federal policy for information security has long been dominated by national
security interests and controlled by DoD and NSA.


In addition, the National Bureau of Standards has played a central role in
setting information security standards for civilian Government agencies and
certifying commercial products. NBS's role stems from the Brooks Act of 1965,
which authorized it to set standards for computers used by Government
agencies.


A civilian agency, NBS, has become active in the development of computer
security standards since the mid-1970s. Recent policy directives, however,
have shifted control back to DoD and NSA, raising questions of the boundary
between civilian and military authorities.


NBS, with the active technical support of NSA, spearheaded the development of
a national standard for cryptography, the Data Encryption Standard (DES).
DES, which was adopted by NBS in 1977, has become the basis for many private
cryptographic standards. It is also the standard in use by other civilian
Government agencies. In addition, both NBS and NSA have facilitated the entry
of cryptographic-based safeguards into the market by certifying and endorsing
commercial products and developing guidelines for their use.


Its activities in providing standards and specifications, certifying
equipment, and developing secret cryptographic algorithms, have made the
Government influential in the decisions of some industries about their use of
information safeguards.


In the mid-1980s, however, changing Government policies provided new
direction for the Federal role in, and leadership for, information security.
National Security Decision Directive 145 (NSDD-145), issued in 1984, expanded
Federal concerns to include "safeguarding systems which process or
communicate sensitive information from hostile exploitation," established a
high-level interagency group to implement the new policy, and assigned key
responsibilities to the Department of Defense and NSA.

One result of NSDD-145 was to authorize NSA to develop information safeguards
for Government agencies to protect unclassified information. In effect, this
meant that responsibility for certifying DES as a national standard and other
safeguard technologies was transferred from NBS to NSA. In a major shift in
policy, NSA announced in 1986 that it would no longer certify DES-based
products for Government use beginning in 1988. Instead, NSA said it will
supply its own, secret cryptographic designs for use by U.S. companies and
civilian Government agencies—a move that has raised some industry concerns
because it might result in restrictions on the use of equipment embodying
these designs and it might also allow NSA itself to eavesdrop on corporate
communications.


There has been controversy about DoD restrictions on the export of
cryptographic equipment embodying classified technology.


There are significant differences in users' needs for information security
even among users within the same industry, which raises the question of
whether information safeguards designed by and for defense and intelligence
agencies are well suited to the needs of commercial and other users.


This shift of responsibilities from NBS to NSA raised several other
questions. One involves the efficacy of NSA-developed standards and
guidelines for users outside the national security community. Another
question concerns the scope of NSA's activities in light of NBS's legislated
responsibilities under the Brooks Act.

In a later directive² intended to implement NSDD-145, the National Security
Council placed new controls on what it called unclassified, but sensitive
information in various Government information systems and commercial
databases. These efforts raised such a protest from scientific and civil
liberties organizations and the business community that the directive was
rescinded during the course of congressional hearings in 1987 and NSDD-145
itself was put under review.

²National Policy on Protection of Sensitive, but Unclassified Information in
Federal Government Telecommunications and Automated Information Systems,
National Security Council, Oct. 29, 1986.


In the current reexamination of policy on information security, the immediate
policy question is whether NSA or NBS should be responsible for nondefense
applications.


The expanding sphere of national security concerns embedded in information
security policy is now seen as competing with other national interests and
affecting basic principles such as the appropriate balance between defense
and civilian authority and public access to information.


These changes in Federal policies on information security indicate an
expanding sphere of "national security" concerns—a concept whose definition
is subject to interpretation and change. The changes point out clearly that
Federal policy for information security, until recently a topic of little
concern beyond the Government's defense and intelligence communities, now has
significant impact on much broader areas of national interest, including
commerce, innovation, free flow of information, and civil liberties. They
also indicate that tensions are likely to recur as the use of automated
information systems continues to expand.


Longstanding fundamental issues include how to resolve conflicts involving
the boundary between the authority of the legislative and executive branches
when national security is a consideration and the process by which these
policies are developed.

POLICY ALTERNATIVES


Federal policy for the security of information in computer and communications
systems seeks to achieve a number of objectives ranging from protecting
national security to fostering development of private sector competence to
meet its own needs. Policy might also seek to establish a structure within
the Government that can provide leadership and standards both for defense and
intelligence purposes and for the business community. Although there are
often strong differences of opinion on the merits of specific Federal
policies, there seems to be broad agreement on the types of goals that such
policies might aim to achieve. Some of these goals are to:

• foster the ability of the private sector to meet the evolving needs of
  businesses and civilian agencies for information safeguards;

• minimize risks to intelligence capabilities resulting from independent,
  private sector developments;

• clarify the roles of Federal agencies concerning safeguard technology,
  particularly those of NSA and NBS;

• promote competition, innovation, and trade;

• separate, where practical, defense and intelligence agencies' missions from
  those of the private sector and civilian agencies; and,

• minimize or reduce the tensions between Federal policies and private sector
  activities.

The basic alternatives for policy center around the relative roles of NBS,
NSA, and the private sector in providing leadership in the technological
development and use of safeguards for unclassified electronic information.
The options are:

Option 1. Centralize Federal activities relating to safeguarding unclassified
information in Government electronic systems under the National Security
Agency.

Option 2. Continue the current practice of de facto NSA leadership for
communications and computer security, with support from the National Bureau
of Standards.

Option 3. Separate the responsibilities of NSA and NBS for safeguard
development along the lines of defense and nondefense requirements.

The bill currently being considered by Congress (HR 145) is a variation of
option 3 and is an attempt to resolve, by legislative means, policymaking for
information security. One of its principal results is that it would clarify
the roles of NBS and NSA, and tend to separate civilian and defense
interests. Among its main shortcomings is the absence of a capability to
support unclassified research in safeguard technology. This capability,
perhaps more than any other single factor, would strengthen the ability of
the private sector to satisfy its own needs for information security and
reduce dependence on the Government.

In option 3, additional choices can be made. 

A. Provide Federal support to the private sector to specify, develop, and
certify safeguards for business and civilian agencies. NBS would be the focal
point for all safeguard standards for unclassified information; NSA would
remain the focal point for classified information.

B. Allow free market forces to develop safeguards for nondefense needs, with
NBS acting as the focal point for Government needs for safeguards for
unclassified information. NSA would satisfy the requirements of Department of
Defense agencies and their contractors, and provide technical advice for
other users.

Each of the three broad options has shortcomings. Essentially, the choice
depends on whether policymakers prefer to tolerate greater tensions, a
blurred division between defense-intelligence and civilian matters, and more
constrained private sector technical capabilities, or to take larger risks
that intelligence capabilities will be damaged by proliferation abroad of
U.S. safeguard technology.

OTA's evaluation indicates that centralizing authority in NSA for developing
safeguards for unclassified information in Government systems (option 1) or
maintaining the current, blurred relationship between NBS and NSA (option 2)
would be the least effective in minimizing tensions and in separating defense
and intelligence missions from civilian matters. On the other hand, U.S.
foreign signals intelligence gathering operations may be poorly served if NSA
is not party to all safeguard development (option 3).

Independent of institutional arrangements in the United States, however,
there are also risks to our intelligence that stem from sources outside the
control of U.S. policy, such as the policies of foreign governments, actions
taken by international business interests, and the effects of foreign
innovation.

There are inherent tensions between U.S. intelligence interests and evolving
nondefense needs for information security technology. In addition, there are
enduring conflicts involved in balancing national security and broader
national interests. Potential conflicts also exist between the tendency to
restrict access to unclassified, but sensitive information, and concern for
the free flow of information and constitutional rights. Perhaps the optimum
result that legislation should be expected to achieve is to provide a clear
policy basis against which to measure future imbalances.

In addition, any option that raises the cost of safeguards, impairs user
operating efficiency, or results in incompatible standards for defense and
non-defense users, will discourage the development and use of commercial
products.

There are no options for Federal policy that clearly and simultaneously
foster all national objectives without costs to others. The alternatives for
implementing policy differ mainly in the source of national leadership for
the development and nondefense use of safeguard technology, the level of
Federal encouragement or control of private sector innovation, and in
flexibility to adjust to changing needs of commerce and society.


For policies to meet the evolving needs of the Nation, they will have to be
flexible and balance various national interests.


Three main observations result from OTA's 
analysis: 

1. Excessive accommodation of either commercial or defense and intelligence
   concerns could prove damaging to overall U.S. interests.

2. Policies that are inflexible, based primarily on defense and intelligence
   interests or on Government control of technological advances in the
   private sector, are likely to create substantial tensions with the
   widening range of other national and international interests affected by
   them.

3. A process for weighing competing national interests is needed. Centering
   policymaking in the Department of Defense alone and, in particular, NSA
   would make that difficult.


Chapter 2

Introduction 


On a day nearly 4,000 years ago, in a town called Menet Khufu bordering the
thin ribbon of the Nile, a master scribe sketched out the hieroglyphics that
told the story of his lord's life and in so doing he opened the recorded
history of cryptology.

-David Kahn, The Codebreakers: The Story of Secret Writing

Information technology is revolutionizing society as profoundly as mechanical
technology did in creating the industrial revolution. As a result, we are
increasingly dependent for society's everyday functioning on electronic ways
to gather, store, manipulate, retrieve, transmit, and use information. By all
accounts, the importance of automated information systems and the
communications systems that link them will continue to increase and transform
the way we conduct our government, business, scientific, and even personal
affairs.

This increasing dependence on information technology is creating a need to
improve the confidentiality and integrity of electronic information, i.e.,
its security, so that computer and communications systems are less vulnerable
to intentional and accidental error or misuse. This will allow us to use the
new systems with confidence in a widening range of applications, such as
electronic contract negotiations, with assurance that private, proprietary,
or intellectual information entrusted to them will be properly protected.

Progress is being made in developing tech¬ 
niques for satisfying these needs. However, 
both the pace and direction of this progress 
will be affected by two factors: 

• the traditional use of Federal information security policy, often
as a means of implementing national security goals; and

• the need to accommodate the variety of national interests that are
affected by Federal policy on information security.

To put the topic in perspective, just as in¬ 
formation security is a small, but vital part 
of the larger framework of information tech¬ 
nology, Federal policy on information security 
is a reflection of broad national interests, rather 
than that of national security alone. 


SOCIETY’S CHANGING NEEDS FOR INFORMATION SECURITY 


The need for information security is not new. 
It dates back hundreds, even thousands, of 
years. Methods for conveying confidential mes¬ 
sages were used in ancient Greece and much 
of the Western world by kings, generals, diplo¬ 
mats, and lovers. Today, the governments of 
most developed nations make extensive use of 
encoding techniques to keep their sensitive 
electronic communications secret. 

Technology itself has long played a leading role in causing certain
attributes of information security to become highlighted. The
introduction of the telegraph brought concern about eavesdropping.
Inexpensive sound and video recording capabilities raised concerns
about unauthorized reproduction. And the proliferation of electronic
storage quickly brought questions of how to prevent misuse of
electronic data. Indeed, most of the attributes of information that
are of concern today (confidentiality, accuracy, accountability) have
long existed. Technological advances have not only modified their
importance but have also introduced fundamentally new issues.

Today's technology provides new capabilities that raise both familiar
and new concerns for security. High on the list of current concerns
are the need for controls on capabilities for accessing, altering, and
duplicating electronic data, and the ease of retrievability and
searchability of databases. Still other concerns include ensuring the
accuracy of messages and verifying their origin, and providing means
for auditing or reconstructing transactions. These concerns have
arisen both in Government agencies and in businesses worldwide because
traditional physical security measures are limited in their ability to
prevent misuse of information in today's automated world.

Segment of original letter (top) and translation (bottom) from Thomas Jefferson to James Madison, August 2, 1787.
Reproduced from The Papers of James Madison, vol. 10, 1787-1788, pp. 124-126. Library of Congress.

These views are said to gain upon the nation. The kings passion for drink is divesting him of
all respect. The queen is detested and an explosion of some sort is not impossible. The ministry
is alarmed, & the surest reliance at this moment for the public peace is on their two hundred
thousand men. I cannot write these things in a public dispatch because they would get into a
newspaper and come back here.

In addition, as information technology in¬ 
creasingly substitutes for paper-based systems, 
it is important to retain familiar capabilities 
of the older technology. In fact, many of the
developments in security are attempts to im¬ 
bue in modern information systems parallels 
to the more familiar safeguards and procedures 
of paper-based and face-to-face forms of busi¬ 
ness transactions that we have become accus¬ 
tomed to using—as discussed later. 

Some security techniques are adaptations of earlier ones, while others
are genuine innovations. Modern equivalents of such traditional
security tools as passwords, notary public seals, codebooks, physical
identification, separation of authority, and auditable bookkeeping
procedures are all being used or considered today, separately or in
combination, to contain misuse of electronic information. Prominent
among the recent innovations are public-key cryptography and the
"zero knowledge" proof. The former may be used to establish private
communications between previously unacquainted parties, as well as to
provide the electronic equivalent of a personal signature. The latter
can be used to demonstrate that a person knows a piece of information
without revealing the information in the process. For example, it
could be used to demonstrate knowledge of a solution to a "hard
problem" without revealing anything about the specific solution
method. Each of these innovations has broad implications for new
applications of information technology.

Such encryption-based safeguards provide a basis for today's
sophisticated information security technology and an expanding range
of commercial applications. Banks are beginning to use these
technologies to safeguard electronic fund transfers. Similarly, some
companies are beginning to use them to protect the confidentiality of
electronic mail and to replace paper-based business transactions with
less expensive electronic equivalents. Expanding these capabilities to
include proof of message receipt and acceptance, and protection of the
anonymity of those taking part in transactions, is likely to require
further innovation.
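
The "zero knowledge" proof described above, showing that one knows a secret without disclosing it, can be made concrete with Schnorr's identification protocol. This is an added example, not taken from the report, which names no specific scheme; the toy group (p = 2039, q = 1019, g = 4) and every class and function name are assumptions chosen for illustration.

```python
import secrets

# Toy group, constructed for illustration only: p = 2q + 1 with p and q prime,
# and g = 4 generating the subgroup of prime order q. Real systems use groups
# whose order is hundreds of bits long.
P, Q, G = 2039, 1019, 4


def keygen():
    """Return (secret x, public y = g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


class Prover:
    """Knows the secret x behind the public value y."""

    def __init__(self, x):
        self.x = x

    def commit(self):
        self.k = secrets.randbelow(Q)      # fresh one-time nonce per round
        return pow(G, self.k, P)           # commitment t = g^k

    def respond(self, c):
        return (self.k + c * self.x) % Q   # s = k + c*x; the nonce k masks x


class Verifier:
    """Knows only the public value y."""

    def __init__(self, y):
        self.y = y

    def challenge(self, t):
        self.t = t
        self.c = secrets.randbelow(Q)      # unpredictable challenge
        return self.c

    def check(self, s):
        # g^s == t * y^c holds exactly when s = k + c*x (mod q)
        return pow(G, s, P) == (self.t * pow(self.y, self.c, P)) % P


class Impostor:
    """Knows y but not x, so it must guess the challenge before committing."""

    def __init__(self, y):
        self.y = y

    def commit(self):
        self.guess = secrets.randbelow(Q)
        self.s = secrets.randbelow(Q)
        # t = g^s * y^(-guess) passes the check only if challenge == guess
        return (pow(G, self.s, P) * pow(self.y, Q - self.guess, P)) % P

    def respond(self, c):
        return self.s


def run_rounds(prover, verifier, rounds):
    """Accept only if every round verifies."""
    for _ in range(rounds):
        t = prover.commit()
        c = verifier.challenge(t)
        if not verifier.check(prover.respond(c)):
            return False
    return True


def simulate_transcript(y):
    """Build a valid (t, c, s) from y alone by choosing c and s first.

    Because anyone can produce such transcripts without x, an honest run
    hands the verifier nothing it could not have computed by itself.
    """
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P
    return t, c, s


def transcript_valid(y, t, c, s):
    """Apply the verifier's equation to a recorded transcript."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", run_rounds(Prover(x), Verifier(y), 20))
    print("impostor accepted:     ", run_rounds(Impostor(y), Verifier(y), 20))
    print("simulated transcript ok:", transcript_valid(y, *simulate_transcript(y)))
```

With this 1019-element challenge space an impostor passes a single round with probability 1/1019, which is why the exchange is repeated; the simulated transcript is what justifies the claim that the verifier learns nothing about the secret.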


INFORMATION SECURITY AND GOVERNMENT POLICY 


Federal policy for the security of electronic information was, until
recently, an obscure topic having little public interest. In the first
place, virtually all such policy was related to the secrecy of
military, intelligence, and diplomatic information. Second, the
authority and expertise for keeping information secure rested with
defense and intelligence agencies that normally do not engage in open
policymaking. Moreover, except for defense contractors, Federal
policies had little effect on the public or on private businesses.

The Government's national security focus 
created an incentive to control the prolifera¬ 
tion abroad of communications safeguard prod¬ 
ucts and, in fact, to control the technology 
itself. The purpose was to deny foreign adver¬ 
saries access to valuable U.S. technology and 
to protect the viability of U.S. foreign intelli¬ 
gence operations. 

During the 1970s, the National Bureau of Standards (NBS) began to
develop computer security standards for use by Government agencies
based on its authorities stemming from the Brooks Act of 1965. In
1977, with technical assistance from the National Security Agency
(NSA), NBS adopted the Data Encryption Standard (DES) as the national
standard for cryptography. For the first time, a published
cryptographic standard became available for civilian agencies, and it
quickly was adopted by business users and the American National
Standards Institute as the basis for many industry standards. NBS also
began to validate commercial products implementing DES, thereby
increasing users' confidence in the products' conformance with the
Federal standard. As a consequence, DES is gradually becoming used for
many applications.

Interest in information security is now worldwide and an active area
of research and development in western European countries and Japan.
DES has been considered as an international standard during recent
years in forums composed of representatives from international
businesses and governments (see ch. 5).

The proliferation of information technology 
has made more sensitive data accessible to 
more users, thereby creating another form of 
new vulnerability to misuse. In order to limit 
potential damage to U.S. interests, particularly 
from foreign intelligence agencies, the execu¬ 
tive branch has sought to control access to un¬ 
classified information that it deemed sensitive. 
Although the definition of such information 
has been open to considerable debate that is 
still unresolved, it may include proprietary in¬ 
formation filed with defense agencies and the 
Environmental Protection Agency, economic 
data collected by the Commerce and Treasury 
Departments, and personal data kept by the 
Department of Health and Human Services. 

Policy directives issued by the executive branch in 1984 and 1986, and
ensuing congressional hearings in early 1987, have significantly
increased public concern over Federal information security policy. The
expanding pattern of defense-intelligence interests as a central focus
in the formulation of policy is seen as competing with other major
national interests and has become the subject of public debate. The
focus of the debate has been on the potential impact of these policies
on some fundamental tenets of American government: the separation of
and appropriate balance between defense and civilian authority,
constitutional rights, open science, and Government controls on public
access to information. The debate also raises the question of how to
resolve conflicts involving the boundary between the authorities of
the legislative and executive branches in making policy when national
security is a consideration. On a more practical level, there are also
serious misgivings about the applicability of the security approach
taken by the Department of Defense (DoD) to the needs of the private
sector.

At the same time that these Federal policies 
and their effects have been unfolding, trends 
are visible that may significantly influence 
commerce and other private sector interests. 


IMPORTANCE OF INFORMATION SECURITY TECHNOLOGY AND POLICIES


Interest in information security technology 
now clearly extends beyond the Federal Gov¬ 
ernment to the private sector as well. Its im¬ 
portance to business and society cannot be 
gauged adequately by the dollar amount of 
sales of products, but by the range of applica¬ 
tions that the technology makes possible. 

Safeguard technology is likely to become a 
mainstay for facilitating tomorrow's automated 
world of finance, commerce, and law, much as 
automated message authentication and veri¬ 
fication are now becoming essential for the 
banking industry worldwide. These technol¬ 
ogies are used to authorize transactions, 
authenticate users, verify the correctness of 
messages and documents, certify that legiti¬ 
mate transactions have occurred and identify 
the participants, and protect individual and 
corporate privacy. 

Such applications are likely to be used to 
establish a legally valid electronic equivalent 
of the centuries-old, paper-based systems for 
authorizing access to information, identifying 
parties to agreements, authenticating letters 
and contracts, ensuring privacy, and certify¬ 
ing value. In this sense, they will replace such 
traditional safeguards as letters of introduc¬ 
tion, signatures, and seals, and assume an im¬ 
portance difficult to foresee from the limited 
applications of today. 

Both Government and industry are inter¬ 
ested in improving the security of information 
they own or are entrusted with. Two major
trends reflect these interests and are bringing
attention to the direction of Federal policy. One 
concerns the Federal Government's need to 
keep an increasing amount of unclassified in¬ 
formation confidential while, at the same time, 
gathering intelligence from other countries. 
The question of what information ought to be 
kept confidential, or have access to it con¬ 
trolled, is not well defined, but subject to judg¬ 
ments concerning potential damage to the Na¬ 
tion's security; examples of such information 
might include corporate proprietary data that 
could benefit foreign competitors or data use¬ 
ful to terrorists. The other trend is the evolv¬ 
ing and growing need of the private sector to 
safeguard certain of its information and infor¬ 
mation resources from theft, destruction, or 
other misuse. 

Federal policy has been formulated both by 
the executive and legislative branches, some¬ 
times with similar purposes. Policy in infor¬ 
mation security has often been set by the Presi¬ 
dent, based on national defense needs. This has 
invariably led to a major role for the DoD. Leg¬ 
islation, on the other hand, has also been used 
to establish policy for information security. 
The latter has often been based on other na¬ 
tional interests, such as the privacy of tele¬ 
phone communications and of data in Govern¬ 
ment computer systems. Such laws typically 
have involved civilian agencies in their imple¬ 
mentation. 

Society's needs and the new demands stimulated by technology are
causing these separate policy paths to converge. With this
convergence, major stresses are becoming visible in the balancing of
competing national interests and with the process by which policy is
developed.

The focus of information security policy on
the military, intelligence, and diplomatic in¬ 
terests of Government has particular signifi¬ 
cance for the issues of today for two interrelated 
reasons. First, responsibility for protecting the 
security of Government electronic information 
is consolidated within the defense and intelli¬ 
gence communities, where NSA has been given 
the lead responsibility. The second concerns 
the broadening scope of executive branch ac¬ 
tions taken for reasons of national security. 
There is a tendency for this concern to include 
unclassified, but sensitive information. 

NSA was created in 1952 as an agency of DoD by secret Executive Order.
For decades its existence was not made public, and the only extensive
public description of its operations was provided in the book The
Puzzle Palace, which the agency tried to prevent from being
published.¹ NSA has been the subject of considerable controversy
during the past decade due to its secret operations.²

¹James Bamford, The Puzzle Palace (New York, NY: Penguin Books, 1983).

²Ibid.


NSA functions are a consolidation of mis¬ 
sions previously performed by each of the mil¬ 
itary departments. One of its two main missions 
is foreign signals intelligence, i.e., gathering 
information principally by intercepting and 
decoding electronic communications. It also 
protects U.S. military and diplomatic commu¬ 
nications by enciphering them or making them 
less accessible to interception by the intelli¬ 
gence agencies of other countries. Such work 
is classified. NSA's work in developing encryp¬ 
tion techniques, however, has made it the un¬ 
disputed technical leader in the United States. 
More recently, the agency has widened its 
scope to include computer security. 

Some of these Government efforts to reduce 
vulnerabilities from unauthorized access to 
communications systems are also creating tensions
with other defense and intelligence interests.
To the extent that methods to reduce
unauthorized access to these systems enter the 
public domain, they can be used by other coun¬ 
tries, thereby damaging NSA's ability to gather 
intelligence. 

Since the 1970s, DoD has become increasingly concerned about the
vulnerability of U.S. communications to foreign intelligence
activities. As a result, NSA has launched several programs to better
safeguard the Government electronic communications. NSA has also
encouraged domestic common carriers to provide tariffed "confidential"
communications services for customers and has briefed dozens of U.S.
companies on the vulnerability of communications systems to
interception.

Second, where "national security" has generally
been used to control classified military
and certain diplomatic electronic information, 
executive branch directives of 1984 and 1986 
extend this rationale to encompass unclassi¬ 
fied information considered to be sensitive. 

A current debate concerns the appropriate agency for Federal
leadership for developing security standards for civilian computer
systems—NSA or the Department of Commerce's NBS. However, the core
issue is more basic. It goes to the question of whether or not a
defense agency should control matters that are central to civilian
interests, such as commerce and the free market, constitutional
rights, and principles of open science. It also involves questions
about executive branch authority under the Constitution to set policy
based on national security. Yet a third dimension involves society's
evolving needs for information security and the appropriate Federal
role in accommodating those needs.

The event that triggered the current exami¬ 
nation of Federal policy was the National Secu¬ 
rity Decision Directive 145 (NSDD-145), dated 
September 17, 1984. That executive branch 
directive established as Federal policy the safe¬ 
guarding of unclassified, but sensitive infor¬ 
mation in communications and computer sys¬ 
tems that could otherwise be accessed by 
foreign intelligence services and result in "serious
damage to the U.S. and its national security
interests."

NSDD-145 also created an interagency man¬ 
agement structure to implement the policy. It 
gave leading roles to the National Security 
Council, DoD, and NSA. These roles include 
defining what information to protect, decid¬ 
ing on the appropriate technology for safe¬ 
guarding unclassified information, developing 
technical standards, and assisting civilian 
agencies in determining the vulnerabilities of 
systems to misuse. 

NSDD-145 raised numerous questions from 
critics in other Government agencies as well 
as from civilian sources, some of which relate 
to the broader issues mentioned above. They 
include concern for: 

• intermingling defense and civilian matters; 

• public access to Government information; 

• the legislated responsibility of NBS to develop
computer standards for the Federal
Government under the Brooks Act of 1965, 
as amended; 

• private sector development and use of 
safeguard technology; and 

• expanding the responsibilities of NSA in 
civilian matters, particularly in light of the 
conflict of interest between its intelligence 
mission and commercial needs, and its 
lack of direct public accountability. 


The level of public concern was elevated fur¬ 
ther with the release by the National Security 
Council in October 1986 of a policy statement 
defining what information is sensitive and 
therefore possibly in need of safeguarding.³
The release coincided with well-publicized Gov¬ 
ernment activities aimed at identifying and 
possibly restricting access by selected foreign 
governments to unclassified, but sensitive data 
in Government and commercial automated in¬ 
formation systems. As a result, the issue of 
Government restrictions on public access to 
unclassified information, whether or not in 
Government systems, has become a public con¬ 
cern. The statement, though rescinded in early 
1987, caused public alarm that illustrated the
extent of sensitivities among diverse organi¬ 
zations concerning controls on unclassified in¬ 
formation. 

Perhaps the major effect of these executive 
branch policies to date has been to encourage 
an examination by Congress of the effects of 
such defense-oriented policies on civilian mat¬ 
ters. Legislation has been proposed to reestab¬ 
lish civilian control over the security of unclas¬ 
sified information systems. In the short term, 
many of the currently prominent issues related 
to information security policy are likely to be 
addressed by congressional debate over the 
proposed legislation, including the respective 
roles of NBS and NSA in setting standards 
and the measures to be taken, if any, to con¬ 
trol access to unclassified information. 

For the longer term, however, the vulnera¬ 
bilities to misuse of information systems will 
depend on the development and widespread 
use of technical, administrative, and related 
safeguards. The availability of high-quality in¬ 
formation safeguards worldwide, especially 
cryptographic-based systems, on the other 
hand, will make intelligence gathering more 
difficult for the United States. 


³National Policy on Protection of Sensitive, but Unclassified
Information in Federal Government Telecommunications and 
Automated Information Systems, National Security Council, 
Oct. 29, 1986. 

BUSINESS INTERESTS IN INFORMATION SECURITY


The question of the extent to which infor¬ 
mation systems should be protected depends 
on the various perceptions of threats to those 
systems. Simply put, U.S. defense and intelli¬ 
gence agencies are concerned about unauthor¬ 
ized access to commercial communications and 
computer systems by the intelligence organi¬ 
zations of foreign countries, particularly the 
Soviet Union. However, U.S. businesses or ci¬ 
vilian agencies generally do not consider their 
main risk to be from such sophisticated adver¬ 
saries. 

The range of threats to business information systems is not as broad
as that faced by defense and intelligence agencies. Businesses are
concerned mainly about misuse by insiders, competitors, and, to a
limited extent, hackers.

Companies that safeguard their communi¬ 
cations seem either to have business interests 
at risk (e.g., banking and oil exploration firms 
concerned about unauthorized interception) or 
are required by the Government to use prescribed
safeguards (e.g., Federal Reserve banks and
and defense contractors). A number of busi¬ 
nesses are finding additional reasons to pro¬ 
vide some safeguards for information in com¬ 
puters and communications systems. These 
reasons include prudent management of re¬ 
sources and methods of improving efficiency, 
as well as preventing the loss of proprietary 
information or theft of funds. Private businesses,
in addition, often are more concerned
with information integrity than with confidentiality.

For their part, businesses need safeguards that do not unduly slow
down or otherwise impair normal business operations; that is, in order
to be useful, security measures must be practical and efficient. U.S.
firms engaged in international commerce and banking, to be able to use
these systems, also must be able to export them to their subsidiaries
in other countries.

Concern for cost is an area in which contrasts 
between defense and intelligence agencies and 
business interests are even more apparent. Pri¬ 
vate businesses must remain profitable and 
competitive, and, therefore, they resist safe¬ 
guards unless they are cost-effective. Defense 
and intelligence agencies, because of their mis¬ 
sions, are more tolerant of higher costs or of 
operational impediments that might result 
from adopting security measures. One of their 
most important goals is to prevent valuable 
information from falling into the wrong hands, 
even if significant trade-offs are involved. 

Nevertheless, there are many similarities be¬ 
tween the various defense and nondefense, as 
well as between Government and private sec¬ 
tor, requirements for information security, al¬ 
though their requirements vary widely. Both 
need to control access to databases, restrict 
unauthorized activities, provide audit capabil¬ 
ities, safeguard sensitive data and trans¬ 
actions, and, generally, maintain the integrity 
of data and continuity of service. Thus, Fed¬ 
eral policies that affect the longstanding NBS 
and NSA roles in developing technology to 
safeguard information systems will also affect 
private sector security programs. 


CONCLUSIONS 


The need for information security has existed for a long time. The
particular attributes of security perceived to be important tend to
change emphasis with time and technology, often in ways that are
difficult to predict with confidence. Society's ability to satisfy its
changing needs for improved security depends on its ability to adapt
existing technologies and techniques as well as to innovate (see ch.
4). Government policy can be an important determinant of how, when,
and by whom these needs are satisfied.

These conclusions imply that policies predicated
solely on solving current security problems
lems are not likely to endure because needs for 
information security are not static. Further, 
those based on controlling or restricting pri¬ 
vate sector actions are likely to damage other 
societal needs. In other words, flexibility and 
balance are important objectives of any pol¬ 
icy intended to accommodate a wide range of 
users' needs on a continuing basis. Moreover, 
it seems apparent that U.S. policies that can¬ 
not effectively be enforced internationally risk 
being overcome by events in other countries. 

Further, information security policy has a 
significance that is colored by different interests.
One view sees its significance as relating
mainly to the potential for foreign government 
intelligence via U.S. communications and com¬ 
puter databases and other threats to national 
security. From a different viewpoint, however, 
the significance of information security in¬ 
volves even more diverse interests. These in¬ 
clude basic democratic principles and civil lib¬ 
erties, as well as commercial business interests. 

In addition to these interests, each of which has its advocates, there
is at least one other that has no clear advocate: the evolving needs
of society for information security. Society's needs for information
security have a long history that is continually evolving. Federal
policy also has an influence on advances in the technology underlying
information security applications, especially when the technology
itself is controlled for national security purposes.

Regardless of the viewpoint taken, information
technology poses a challenge to Government,
industry, and society. Modern information
systems and the data within them are
vulnerable—they can easily be misused. The 
challenge is to find ways to reduce the risks 
to acceptable levels while preserving tradi¬ 
tional democratic values and remaining flexi¬ 
ble to accommodate diverse and changing 
needs. 

The remainder of this report examines some of the technological
foundations for information security and the main policy issues that
are now evolving. In order to focus attention on the issues facing
Congress, many topics have been treated in a limited way. The report
is not about potential disruptions to or recovery from disasters, for
example, nor is it about physical security or safeguarding classified
information or constitutional rights. Its purpose, instead, is to
describe the conflicting national interests that are shaping U.S.
information security policies, the special role of cryptography and
NSA's intelligence mission, and the potential courses of action.


Chapter 3

The Vulnerabilities of Electronic 

Information Systems 


FINDINGS 

• Today's public communication network is, for the most part, at least
as easy to exploit as at any time in the history of
telecommunications. The design of the public switched network is such
that some parts of it are vulnerable to relatively easy exploitation
(wiretaps on copper cable, over-the-air interception), while others
(e.g., fiber optic cable) present greater inherent barriers to
exploitation.

• There are, and will likely remain, opportunities for casual,
generally untargeted eavesdropping of communications. However,
targeted and consistently successful unauthorized access requires
greater resources. For systems with sophisticated safeguards, the
resource requirements may frustrate even the efforts of national
intelligence agencies. However, adversaries with sufficient resources
can eventually defeat all barriers except, perhaps, those based on
high-quality encryption.

• Users of communications systems face a spectrum of vulnerabilities
ranging from those that can be exploited by unsophisticated,
low-budget adversaries to those that can be exploited only by
adversaries with exceptionally large resources.

• Technological advances may increase the capabilities of adversaries
to misuse computer and communications systems, but these same advances
can also be used to enhance security.

• Increases in computing power and decentralization of functions have
increased exposure to some threats. Two types are important: abuse by
intruders who are not authorized to use or access the system, and
misuse by authorized users. For many organizations, the latter problem
is of most concern.


INTRODUCTION 


Unauthorized disclosure, alteration, or destruction of information in
computer and communications systems can result from technical failure,
human error, or penetration. While each of these is important to
users, this chapter focuses on malicious or deliberate unauthorized
access and alteration, principally because it is in these areas that
the impact of Federal policies is greatest.

Widely different levels of time, money, and technical sophistication
are needed to gain unauthorized access to different parts of
communications and computer networks. Some forms of covert
access—placing wiretaps, intercepting mobile telephone calls, hacking
into poorly safeguarded computers—require few resources. Others, such
as targeted and consistently successful unauthorized access, require
greater resources because of the inherent barriers posed by the
complex designs of these systems. For systems with sophisticated
safeguards, the resource requirements may frustrate even the efforts
of national intelligence agencies.


Today's communications networks make use of diverse technology. This
diversity is accompanied by an uneven ease of unauthorized access to
different parts of the system. Although security has not been a
consideration in network design, today's systems provide some inherent
barriers to easy exploitation. However, adversaries with sufficient
resources can eventually defeat all barriers, except perhaps
high-quality encryption.¹ Information in computers also has been
vulnerable to malicious disclosure or alteration by various methods of
penetration, including misuse by both authorized and unauthorized
users. However, significant advances are being made in the technology
available for safeguarding computer and communications systems, as
discussed in chapter 4.

Many users of communications and com¬ 
puter systems remain unaware or unconvinced 
of significant threats due to such vulnerabili¬ 
ties. Most users are not now adding safe¬ 
guards, despite the growing volume and value 
of information being stored in or transmitted 
across these systems. 

¹For the purposes of this report, high-quality encryption
techniques, for which there are no known and significant weaknesses
or deciphering shortcuts, are considered to be fully secure, in spite
of the fact that trial-and-error attacks will yield the unenciphered
text (plaintext) with a sufficient number of trials.


Computer and communications systems are 
becoming increasingly closely intertwined. 
Consequently, information security is affected 
by the operation of all segments of these sys¬ 
tems. Communication networks pose one set 
of vulnerabilities to misuse that centers around 
unauthorized disclosure of information and to 
modification of data. When computers are 
linked by communications networks and are 
remotely accessible, the potential for misuse 
increases. 

This chapter focuses primarily on the vulnerabilities to misuse of
communications systems and methods to safeguard against them. It is
intended to raise awareness and understanding of some of the technical
vulnerabilities of these systems without providing a cookbook for
prospective exploiters.² Because communications and computer designs and
applications vary widely, their vulnerabilities are described in general
ways in the sections that follow.


²Although not the subject of this report, it should be noted that simpler
and often less expensive ways than electronic eavesdropping can be used
to gain access to sensitive information; i.e., by bribing employees or by
using spies. Thus, users considering adopting electronic security
measures must weigh all sources of potential losses, including those from
human and other errors, as well as from dishonest employees.


VULNERABILITIES OF COMMUNICATIONS SYSTEMS 


Background 

The developed world has become increas¬ 
ingly dependent on communications systems 
to operate businesses and governments at all 
levels. This can be seen in the revenue growth 
of communications services. The operating rev¬ 
enues from the domestic services of common 
carriers, for example, grew from $8.4 billion 
in 1960 to $166.5 billion in 1985. Similarly, rev¬ 
enues for domestic satellite services rose from 
near zero in 1975 to $17 billion in 1985. And 
Intelsat's revenues from international services 
went from near zero to $475 million in the past 
two decades. 


The growth in revenues reflects the fact that 
communications networks have become vital 
for many purposes, ranging from making in¬ 
terbank and government fund transfers to run¬ 
ning national electric power grids and the 
world's airlines. There is every indication that 
this dependence will increase with continued 
advances and new applications. Both the vol¬ 
ume of information communicated and its im¬ 
portance will continue to grow. 

There have been occasional concerns about the vulnerability of
telecommunications systems to misuse. Illustrations of some historical
concerns and examples of misuse during the past century are shown in
box A. Although today's systems are likewise vulnerable to misuse,
commercial demand for improved security (e.g., message confidentiality
and integrity) has been slow to materialize. Nevertheless, message
authentication and digital signature capabilities are becoming important
for a number of industries (see ch. 5).

Little has been done to improve the security of public communications
systems themselves. Generally, commercial systems have been designed for
efficiency and reliability rather than security. Also, their inherent
barriers to misuse adequately serve most users' needs for
confidentiality. Where additional safeguards are deemed necessary,
"add-on" measures are taken either by the user directly (adding
encryption or message authentication capabilities), through the special
service options offered by some communications carriers (see chs. 4
and 5), or by a combination of administrative procedures and the use of a
protected private communications network.

The regulatory climate has also influenced 
the confidentiality of systems. The communi¬ 
cations industry now faces an increasingly 
deregulated environment created, in part, by 
the divestiture of the American Telephone & 


Box A.—Examples of Historical Concerns for Misuses of Telecommunications Systems 


• In 1845, only one year after Samuel F. B. Morse's famous telegraph
  message "What hath God wrought," a commercial encryption, or
  encipherment, code was published as a means of ensuring secrecy.¹

• The first voice scrambler patent application was dated within 5 years
  of the first demonstration of the telephone in 1881.

• During the Civil War,² the first concerted efforts at codebreaking and
  communications system penetration, or telegraph line tapping were
  undertaken.

• Soon after radio communications came into use in 1895, they were used
  for intercepting others' messages, particularly before and during
  World War I.³ In the 1920s, the British surreptitiously eavesdropped
  on international cable traffic.⁴

• The diversion of an undertaker's business by an eavesdropping
  switchboard operator resulted in a patent grant for design of the
  first automatic switch in 1891, eventually eliminating the need for
  switchboard operators.⁵


¹David Kahn, The Codebreakers: The Story of Secret Writing (New York, NY:
MacMillan, 1967), p. 189.

²Supplementary Reports on Intelligence Activities, Book VI, Final Report
of the Select Committee to Study Government Operations with respect to
Intelligence Activities, U.S. Senate, Apr. 23, 1976, p. 51.

³Kahn, op. cit., pp. 298-299.

⁴James Bamford, The Puzzle Palace (New York, NY: Penguin Books, 1983),
pp. 29-30.

⁵John Brooks, Telephone: The First Hundred Years (New York, NY: Harper &
Row, 1976).


• During the 1920s, pervasive Government and criminal use of telephone
  wiretaps triggered congressional hearings and antiwiretap legislation.

• Interception of telecommunications signals played a key role in the
  course of World War II. It continues to be a source of foreign
  intelligence gathering by major governments.⁶

• In recent years, there has been concern about the ease of misuse of a
  variety of telecommunications signals, ranging from the pirating and
  even malicious jamming of subscription television signals transmitted
  over satellite communications systems to the ease of interception of
  cellular radio and mobile radiotelephone signals.⁷


⁶Kahn, op. cit.; Bamford, op. cit.; Peter Wright, Spy Catcher (New York,
NY: Viking Penguin, Inc., 1987); also see Glen Zorpette (ed.), "Breaking
the Enemy's Code," IEEE Spectrum, September 1977, pp. 47-51.

⁷"HBO Piracy Incident Stuns other Satellite Users," New York Times,
Apr. 29, 1986, p. C17; "Look! Up in the Sky!" Post, Apr. 29, 1986, p. C1;
"Mystery Broadcast overpowers HBO," The Institute, vol. 10, No. 10,
October 1986, p. 1; "Uplinks and High Jinks: Satellites Are the Hackers
Next Frontier," Newsweek, Sept. 29, 1986, pp. 56-57.
Telegraph Co. (AT&T) in January 1984. As a result, cost competitiveness
has become an important consideration for communications carriers. It
discourages them from providing cost-incurring safeguards for which there
is no significant demand. A 1980 survey found that, with few exceptions,
the Nation's 10 largest common-carrier systems were not designed for
securing messages against interception. On the other hand, at least one
carrier did offer an add-on encryption service.³ A 1986 OTA review of six
carrier systems indicates that a combination of protective services are
becoming available, including encrypting radio signals or routing
selected calls over cable transmission facilities.⁴

Technology plays an important but uneven role in the security of
communications systems. The rapid proliferation of ground-based or
terrestrial microwave radio since the 1940s and satellite communications
since the 1960s have made interception easier by making signals available
over wide geographic areas. Other technical designs have also made
interception easier. Private lines (dedicated channels) and cordless
telephones, for example, can be intercepted because of the former's fixed
position in the electromagnetic spectrum and the latter's complete
dependence on radio waves.⁵ Telephone lines can also be tapped relatively
easily from wire closets on a user's premises.⁶


³U.S. Department of Commerce, National Telecommunications and Information
Administration, "Identification of Events Impacting Future Carrier System
Protections Against Vulnerabilities to Passive Interception," 1980.

⁴Information Security, Inc., "Vulnerabilities of Public
Telecommunications Systems," OTA contract report, 1986.

⁵For a description of the vulnerabilities of commercial
telecommunications systems to unauthorized use, see the MITRE Corp.,
Study of Vulnerability of Electronic Communication Systems to Electronic
Interception, vols. 1 and 2, January 1977; and the MITRE Corp., Selected
Examples of Possible Approaches to Electronic Communication Interception
Operations, January 1977. Also, Ross Engineering Associates, "Telephone
Taps," OTA contract report, November 1986.

⁶Technical course material from a seminar on communication and
information security, conducted regularly by Ross Engineering Associates,
Adamstown, MD, and other firms. For additional information on wiretaps,
surveillance, and related topics, see: "Electronic Eavesdropping
Techniques and Equipment," Law Enforcement Assistance Administration,
National Institute of Law Enforcement and Criminal Justice, republished by


Local area networks (LANs), which already have wide use in the United
States and abroad for linking computer-based systems, represent another
area of information technology in which security has received little
attention. The same technologies that make possible continued
improvements in computer and communications systems can also provide the
means for sorting rapidly through a multitude of signals in search of
specific telephone numbers, spoken words, or even voices.⁷

At the same time, technology and engineering can complicate the
interceptor's work. Fiber optics, which is rapidly being installed in the
United States to carry telephone and other communications,⁸ requires far
more sophistication for successful interception because of the physical
medium that carries the message. However, most customers will continue to
have copper wires linking their offices and residences with the local
telephone company's office for the long term.

AT&T's modern electronic switching net¬ 
work, on the other hand, encrypts signaling 
information (the numbers of the called and call¬ 
ing parties) prior to transmission, thus deny¬ 
ing potential interceptors the opportunity 
to target specific users' messages. Many other 
engineering design features, such as signal 
compression, spread-spectrum techniques, 
channel demand assignment techniques, and 
packet switching also complicate any intercep¬ 
tor's work. They do so typically as a byproduct 
of other objectives. And, within the next few 
years, as end-to-end digital networks become 
more commonplace, encryption services are 
likely to become available if demand is ade¬ 
quate. Of course, adversaries with significant 


Ross Engineering Associates. Also, Robert L. Barnard, Intrusion Detection
Systems: Principles of Operation and Application (Stoneham, MA:
Butterworth Publishers, 1981).

⁷Whitfield Diffie, "Communications Security and National Security:
Business, Technology, and Politics," Proceedings of the National
Communications Forum, Chicago, IL, 1986, vol. 40, Book 2, pp. 733-751.

⁸Bellcore, "Evolving Technologies: Impact on Information Security," OTA
contract report, Apr. 18, 1986. Also, see U.S. Congress, Office of
Technology Assessment, Information Technology R&D: Critical Trends and
Issues, Case Study 2: Fiber Optic Communications (Springfield, VA: NTIS
*PB 85-245660/AS, February 1985), pp. 67-75.
resources, such as a national intelligence organization, can be expected
to readily surmount most of these obstacles.⁹

A number of recent developments may also 
be making it more difficult to intercept, alter, 
or misuse signals. These include the advent of 
commercial encryption services and products, 
the emergence of new technical standards for 
safeguarding communicated and stored mes¬ 
sages, recent Federal Government policies that 
influence the safeguarding of sensitive infor¬ 
mation, and congressional legislation concern¬ 
ing unauthorized access to information in some 
systems (see chs. 4 through 6). 

Still another barrier exists to the misuse of data obtained from
passively monitoring or intercepting automated information systems—the
problem of obtaining unambiguously the information of direct interest.
This is readily illustrated with an example of data in the form of
passively intercepted communications signals. Even if an adversary is
reasonably assured that the intercepted signals contain useful data among
them, the adversary must select from what may be a wealth of transmitted
data in the hope of finding the target information in a timely, complete,
and understandable context. Although these barriers are not likely to
prove overwhelming to a determined, sophisticated adversary, they do not
exist for an adversary who has the cooperation of a knowledgeable inside
employee with the ability to select exactly the information of direct
interest and with a full understanding of its context and limitations.

Spectrum of Adversaries' 
Resource Requirements 

Telecommunication systems are vulnerable 
to unauthorized access in many ways, but the 
ease of such access varies widely depending 


⁹David Kahn, The Codebreakers: The Story of Secret Writing (New York, NY:
MacMillan, 1967); James Bamford, The Puzzle Palace (New York, NY: Penguin
Books, 1983); "Soviets Take the High Ground, New Embassy on Mount Alto is
a Prime Watching and Listening Post," Washington Post, June 16, 1985,
p. B1; and The Soviet-Cuban Connection in Central America and the
Caribbean, released by the Departments of State and Defense, March 1985,
Washington, DC, pp. 3-5.


on the resources available to potential adver¬ 
saries. Targeted, unauthorized access to a spe¬ 
cific user's communications over the public 
switched network, with a few exceptions, con¬ 
siderably increases the need for technical ex¬ 
pertise, sophisticated equipment, and money. 
The complexity of these systems can prevent 
unsophisticated adversaries who lack the nec¬ 
essary resources from gaining access to infor¬ 
mation, but would not stop those who have 
adequate resources from readily surmounting 
the barriers. 

Figure 1 illustrates the spectrum of vulnerabilities and adversaries'
resource requirements. On one extreme are readily exploitable services
(cordless telephones) and facilities (copper wire in local loops and wire
closets) that require very limited resources for successful, targeted
exploitation. Some cordless telephone conversations can be monitored
using ordinary FM radios. Cellular radiotelephone conversations can be
monitored using tunable ultra high frequency (UHF) television receivers.
Further, wiretapping equipment can be purchased for as little as $12. At
the other end of the spectrum are applications and facilities, such as
fiber optic communications and technologies, particularly those using
high-quality encryption and other safeguards (see ch. 4), that make
unauthorized access much more difficult.

On the other hand, technology may simplify 
targeted interception through such means as 
computer-based data matching, word recogni¬ 
tion, and voice identification. For most users, 
concern about unauthorized access is more 
likely to focus not on potential high- or low- 
resource adversaries, such as wiretappers or 
Government intelligence agencies, but on those 
in between. 

The situation is far from a static one. The spectrum of vulnerabilities
shifts as technological advances change the nature of communications
systems and the resources available to potential adversaries.
Technological advances, other than those associated with information
security, tend to increase the capabilities of adversaries, especially
those of high- and middle-level resources. Perhaps the most visible
illustration of this is that of increasingly powerful personal computers,
which make unauthorized access to communications and data easier.

Figure 1.—Spectrum of Adversaries' Resource Requirements v. Technologies
SOURCE: Office of Technology Assessment, 1987

But the question remains: Should a business that communicates valuable,
sensitive, personal, or proprietary information be concerned about
unauthorized access to messages transmitted over the public switched
network? If history serves as a guide, we can expect few immediate
changes in the confidentiality of private communications over public
networks except where user demand is adequate to justify investment in
safeguards. However, some corporate and Government users who face
considerable risk in the event of such accesses (e.g., for communications
deemed sensitive for national security purposes or for electronic fund
transfers) are taking steps to improve the confidentiality and integrity
of their communications (see ch. 5).

Networks 

Early communications networks began as relatively simple point-to-point
transmission systems. At first, telegraph and later voice-modulated
electronic signals were transmitted exclusively over copper wires, and
switching was accomplished manually. Such networks were vulnerable to
eavesdropping by wiretapping. Today's networks, by contrast, consist of
cables (copper wire, coaxial, and fiber optic), radio links (terrestrial
and satellite), and other equipment providing a complex mix of services
(voice, data, graphics, text, and video) through a variety of specialized
interconnected networks. Figure 2 illustrates the complexity of modern
networks. In spite of the added complexity, however, vulnerabilities
remain.

Communication networks have also vastly 
expanded the ability of users, whether from 
an office building or home personal computer, 
to gain access to computers nationwide and 
even worldwide. The current movement toward 
a worldwide digital network is aimed precisely 
at increasing the accessibility of network ca¬ 
pabilities, enhancing the variety of services 
available, and lowering the costs of services. 

Transmission Systems 

Communications systems use two types of media to transmit signals:
over-the-air systems, such as radio transmissions; and conductors, such
as copper wire and coaxial or fiber optic cables. In general,
over-the-air systems (e.g., cordless telephones) can be intercepted and
systems that use conductors can be tapped. Some conductor-based
transmission systems (e.g., fiber optic cable) require sophisticated
resources to tap, while others require minimal resources (taps of copper
wires from wire closets). Whatever the form of transmission, it is not
necessarily easy to render intercepted or monitored signals intelligible.

Microwave Radio Systems 

Microwave radio systems, totaling 740 million circuit miles, carry most
of the long-distance communications messages transmitted within the
United States (table 1).¹⁰ Systems operating at frequencies mostly
between 2 and 11 GHz (gigahertz or billion cycles per second), for
example, provide high-capacity circuits that carry about two-thirds of
all telephone toll calls today. They often use highly directional
antennas to transmit signals between stations, typically spaced from 10
to 35 miles apart.

¹⁰Bellcore, Evolving Technologies: Impact on Information Security,
Apr. 18, 1986.

Microwave systems are designed for a wide 
range of capacities, from as few as 24 voice 
grade circuits to as many as 2,400 circuits per 
radio channel. In addition, there are multiple 
radio channels in each of the many frequency 
bands that these systems operate in. For ex¬ 
ample, in the 6 GHz common carrier band, 
there are eight radiofrequency channels, each 
capable of carrying 2,400 voice grade circuits. 

Interception of point-to-point microwave 
transmissions is relatively easy if the inter¬ 
ceptor has technical information about the 
transmitter. Most such information is made 
available to the public by the Federal Commu¬ 
nications Commission (FCC). Interception of 
signals, however, is only part of an eavesdrop¬ 
per's job. The signals must be demodulated 
and demultiplexed, which can be done using 
the same type of equipment as used by com¬ 
mon carriers. But then an eavesdropper must 
also be able to sort through individual mes¬ 
sages and select those of interest. 


Table 1.—Bell System Circuit Miles of Carrier Systems
Using Different Transmission Media

                      Circuit miles at year end
                            (in millions)
Media                  1975      1982(a)
Analog:
  Paired wire            42       140
  Coaxial cable         142       221
  Radio                 399       737
Digital:
  Paired wire            58       138
  Coaxial cable          —          2
  Radio                  —          6 (62% installed in 1982)
  Fiber optic            —          4 (98% installed in 1982)
  Subscriber             —          8 (54% installed in 1982)

(a) This list shows major categories of transmission media. Although
analog systems were still predominant, the growth of digital systems was
almost three times faster from 1975 to 1982. Almost no new analog systems
were added during this period. Comparable information is not available
after 1982, but a significant commitment is being made to glass fiber
systems, especially by AT&T, MCI, and GTE.
SOURCE: Bellcore










Figure 2.—The Communications Network 
Point-to-point systems are vulnerable to interception wherever there is
sufficient radiated signal strength. The geographic area in which
adequate signals can be received is generally very large. It can cover
dozens of square miles in the paths of the antenna's radiation and in the
vicinity of either the transmitter or receiver (figure 3). Custom-built
receivers may be designed with greater sensitivity than those used by the
common carriers in order to broaden the area of reception.

Modern digital systems complicate interception by unsophisticated
adversaries, but they simplify the work of those that are more
sophisticated. Signals are transmitted as virtually indistinguishable
series of ones and zeroes, typically mixed together (multiplexed) with
many other signals and encoded prior to transmission to reduce the total
number of bits transmitted and thereby reduce bandwidth requirements.
Many systems also route different segments of the same transmitted signal
over different paths. For adversaries with few resources, these
conditions alone would represent significant obstacles, particularly for
targeted interception.¹¹ Other obstacles include the need to record a
large volume of data and process it to extract the message content.

For adversaries with considerable resources, such as very powerful
computer processing capabilities and the equivalent of the switching and
transmission facilities used by common carriers, targeted interception
would not represent a severe challenge. Indeed, these adversaries can
sort messages to select those of interest and undo the various types of
signal processing to recover the message content. To consistently
intercept preselected targets in switched systems, potential adversaries
must be able to carry out functions equivalent to those performed by the
carriers' equipment. In addition, they need the ability to select those
messages of interest and to operate covertly. This level of
sophistication and investment is assumed to be beyond the means of any
adversaries except those with considerable resources and motivation,
principally because of the cost of such an operation.

¹¹The MITRE Corp., Study of Vulnerability of Electronic Communication
Systems to Electronic Interception, vol. 1, January 1977, p. 96.

At the other extreme, there is inexpensive commercial equipment that can
be used to intercept radio signals.¹² Figure 4 illustrates the types of
equipment needed and current prices, based on catalog advertisements. The
equipment includes an antenna that can be pointed, low-noise amplifier,
receiver, and equipment to extract audio (and video) signals (i.e.,
demultiplex and demodulate them). Depending on the particular equipment
selected, the total price would range from $1,000 to $50,000. People
skilled in the design of communications equipment could undoubtedly build
their own units for less, however.

Specialized Microwave Systems 

The Multipoint Distribution Service (MDS), authorized by the FCC in the
early 1970s, uses broadcast microwaves to distribute video and other
one-way communications locally. MDS transmitters use omnidirectional
antennas to broadcast signals that are received by small parabolic
(directional) antennas. MDS systems are typically used as a radio version
of cable television and, infrequently, to provide one-way business or
educational communications.

A Digital Termination System (DTS) is 
another specialized microwave radio service 
that is similar to MDS in terms of its broad¬ 
cast of microwave signals. However, unlike 
MDS, DTS is designed for full two-way com¬ 
munications between stations. The mechanics 
of intercepting DTS transmissions are simi¬ 
lar to those involved with MDS or point-to- 
point microwave systems. Interception might 
be considered easier with DTS because of the 
clearer identification of the user's dedicated 
communications channel. 

Dedicated Lines 

Users who need to communicate extensively 
between two points often use dedicated or pri- 

¹²Information Security, Inc., "Vulnerabilities of Public
Telecommunications Systems," OTA contractor report, 1986.



32 • Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information 


Figure 3.—Example of Antenna Directivity Pattern 
SOURCE: MITRE Corp., Study of Vulnerability of Electronic Communication Systems to Electronic Interception, vol. 1, January 1977
Figure 4.—Examples of Commercial Equipment for Interception of Microwave Radio Signals

Equipment chain: antenna, low noise amplifier, motor drive; receiver;
demodulation/down conversion.

Type of multiplexing      Type of demodulation
and modulation            equipment needed
FDM/FM                    HF AM/SSB
TDM                       Digital test sets
FDM/AM                    Scanner VHF/UHF
SCPC                      Scanner VHF/UHF

Commercial equipment                               Approximate price

Examples of receiving equipment (antenna, low noise amp., motor drive):
  RAYDX 10.5 antenna, LUX or 990C receiver         $2,200 (good quality reception)
  ALCOA 6.0 antenna, Uniden 2000 receiver          $695 (minimum quality reception)

Examples of demodulation equipment:
  HF-AM/SSB        ICOM R7000                      $969
  HF-AM/SSB        BEARCAT DX100C                  $285
  VHF-UHF Scanner  Regency MX5000                  $330

Total system cost: Between $1,000 and $3,200

SOURCE: Information Security Inc., using catalog prices from SATCOM and SCANNER WORLD USA magazines, 1986


vate line services. These are fixed circuit paths 
through some combination of terrestrial or sat¬ 
ellite microwave radio or wire transmission fa¬ 
cilities. Dedicated lines are commonly used to 
link corporations' main switching centers with 
one another, to link interactive computer sys¬ 
tems, and to link computer systems with re¬ 
mote terminals. Whereas ordinary dial-up calls 
might be routed along any of a number of paths 
depending on traffic loading conditions, dedi¬ 
cated circuits remain in place on the same 
transmission path. This simplifies the inter¬ 
ceptor's burden considerably, since the loca¬ 
tion of the user's dedicated line need be found 
just once. As an example of a part of a dedi¬ 
cated circuit, the local loop connecting the sub¬ 
scriber's premise with the local telephone com¬ 
pany's nearest office also provides a fixed path 
that is relatively easy to identify. 


Fiber Optic Communications 

Fiber optic cable is being installed rapidly by communications carriers
in the United States, primarily for heavy traffic, long-distance routes,
but also for many local uses. Local telephone companies installed more
than 62,500 miles of fiber in 1984 and 100,000 miles in 1985 for their
local loops (connecting telephone offices with subscriber's premises).
Another 285,000 miles of fiber were installed by the same companies
during those years for interoffice trunking (table 2).

Fiber optics is attractive, in part, because 
much higher data rates can be transmitted— 
about 1 gigabit per second currently—than 
using copper wire. One small cable containing 
two glass fibers can carry more than 15,000 
two-way voice telephone conversations, or the 
Table 2.—Telephone Company Fiber Applications
(fiber miles in thousands)

                              1984                  1985
                        Long                  Long
Company                 distance    Loop      distance    Loop
NYNEX                      25        15          50        25
Bell Atlantic              20        15          30        25
BellSouth                  20        35          60        30
Ameritech                  25        15          40        35
SW Bell                    10         5          50        15
U.S. West                  15         5          30        10
Pacific Telephone          20        15          40        25
Independents               10         —          10         5
Total                     145       105         310       170

SOURCE: Annual Reports/Internal Siecor Estimates.


equivalent in data signals, for up to 25 miles 
without requiring repeaters (amplifiers). Con¬ 
ventional telephone cables composed of 24 
gauge copper wires, in contrast, would require 
1,250 pairs of wires and repeaters spaced about 
1 mile apart in order to carry the same traffic. 
Further advances in fiber technology are 
widely expected. Fiber optics also is less ex¬ 
pensive than conventional cable, does not radi¬ 
ate energy under normal operating conditions, 
and is not as readily subject to passive or ac¬ 
tive interception as are radio signals or signals 
on copper wire. Figure 5 illustrates a typical 
fiber optic system. 

Satellite Communications Systems 

Satellites were first used for commercial telecommunications in the
mid-1970s. Today, there are more than 100 satellites worldwide, with some
two dozen providing domestic services for the United States. Still,
satellites account for only a small portion of domestic transmission
capacity. In terms of domestic nonbroadcast channel capacity, they are
being outpaced rapidly by fiber optic cable. International communications
services have, for the past decade, been provided about equally by
satellite and cable facilities. This balance is likely to shift sharply
with the planned use of fiber optic cable for trans-Atlantic service
beginning in 1988 and for trans-Pacific service in 1989.

Satellite communications systems operate 
in much the same manner as microwave relay 
systems, except that the repeater or amplifier 
is in geostationary orbit 22,300 miles above 
the equator. Satellites accept signals from 
transmitting earth stations (the uplink), trans¬ 
late the signal to a different frequency band, 
and retransmit it at suitable power levels to 
receiving earth stations (the downlink). 

Some satellite networks are widely used for 
one-way distribution services, including cable 
and network television, and a variety of data 
services, such as financial information and 
weather reports. Two-way distribution serv¬ 
ices include point-of-sale transactions, data¬ 
base inquiries, and inventory control. Most of 
these applications use digital transmission and 
various techniques to share the satellite band¬ 
width among the users. 

The satellite "footprint," defined by the
beamwidth of the spacecraft antenna, may be
contoured to the shape of the intended coverage
area, but is nevertheless likely to be thousands
of miles across. The satellite channel is
"visible" to all points within the coverage area
and, therefore, readily interceptable within
that area. The signals from many satellites
may be received from locations beyond the
borders of the contiguous United States. The
key to targeted interception, consequently, is
determining which satellite and transponder
channel frequencies are of interest.

One of the simplest methods for intercepting
subscription satellite signals was advertised
until recently in an amateur radio publication
and sold for less than $100. The device
used a short piece of wire, cut to the proper
length for reception at the selected broadcasting
frequency, and mounted in an ordinary
metal coffee can. This apparatus was connected,
through the printed circuit card provided,
to the lead-in wires of a television set.
All that remained was to point the coffee can
at the desired satellite, adjusting by trial and
error until an adequate signal was received.

Figure 5—Typical Fiber Optic System

These characteristics make communications
satellites vulnerable to several different types
of misuse. The uplinks can be overpowered by
unauthorized users, whether intentionally or
not, who transmit stronger signals than those
used on the authorized uplink. This was the
case in both of the April 1986 takeovers of the
Home Box Office (HBO) channel in which a
part-time satellite uplink operator and retailer
of home receiving dishes overpowered the HBO
uplink transmitter signal with an unauthorized
one and put his own message on the screens
of some 8 million viewers.¹³ In addition, the
downlinks can be jammed by bogus earth
transmitters.

Other vulnerable parts of communications
satellites include the transponders, whose lifetimes
can be severely shortened by excessive
received signal strength and unprotected
telemetry systems, which might be manipulated
to move the satellite out of its intended
orbit.¹⁴ Broadcasters and communications
carriers are especially concerned about jamming
since the former could lose millions of
dollars if advertisements are interfered with
and the latter could lose many tens of millions
of dollars if a satellite's lifetime is prematurely
shortened. Both groups, therefore, want to
shift to a less vulnerable transmission system,
such as fiber optic cable, if capacity expands
sufficiently.¹⁵ There are also concerns about
the survivability of satellite communications
systems in times of national emergency.¹⁶

¹³ For a detailed review, see Donald Goldberg, "Captain Midnight,
HBO, and World War 3," Mother Jones, October 1986, p. 26.

¹⁴ The range of vulnerabilities of commercial communications
satellites was discussed in some detail by representatives from
HBO, CBS Technology Center, and MA-COM, Inc., at a seminar
at the Massachusetts Institute of Technology on Oct. 16,
1986. Also discussed were a number of safeguards that are being
considered for current and, especially, future satellites.

¹⁵ Ibid.

Mobile Radio and Cordless Telephone Systems 

Land mobile telephone service typically pro¬ 
vides two-way, voice-grade communications 
between a base station and mobile units or between
two mobile units. The mobile unit is
most commonly a car phone, although some 
"briefcase phones" have recently appeared on 
the market. The use of these systems is grow¬ 
ing by about 20 percent annually. In addition, 
one-way paging services have become very 
popular recently. 

The antennas for these units transmit omni¬ 
directionally. Cellular mobile systems use a 
base station in each cell to communicate with 
all mobile units within that cell. A relatively 
small number of frequencies are needed for 
each cell. Inexpensive scanners can be used to 
monitor for mobile call signals and to tune in
to the next call made. Each call transmitted 
from the base station is addressed to a par¬ 
ticular mobile unit within the cell, making tar¬ 
geted, passive eavesdropping simple as long 
as the eavesdropper knows the telephone num¬ 
ber of interest and the cell the target is in. 

Cordless telephones substitute a duplex
(two-way), low-power radio link for what otherwise
would be a very long extension cord. Their
growing popularity and the relatively small
number of channels available have created
problems for some users. A cordless phone always
uses the same channel in the same small
area; thus, these phones are much easier to target
by eavesdroppers. Nearby users with the
same frequency channel pair can listen to their
neighbors' calls simply by listening with their
own cordless units. In addition, some people
have intentionally used their remote units to
initiate calls by triggering other parties' base
units, thus avoiding having to pay for the call
since the related bill (usually for a long-distance
call) is sent to the base unit owner. This "theft
of dial tone" is possible when the base unit does
not have appropriate security features.¹⁷

¹⁶ See "Commercial Satellite Communications Survivability
Report," prepared for the National Security Telecommunication
Advisory Committee (NSTAC), May 20, 1983. This report
notes that:

    ... commercial satellite communications systems are vulnerable
    to hostile actions which would deny service in emergency
    situations, particularly actions by a relatively unsophisticated
    antagonist—the so called "cheap shot" attack. For example,
    today's satellite command links provide only modest protection
    against electronic intrusion. Also, in nuclear war, some of the
    control facilities of satellite systems would become unusable.

Mobile and cordless radio have much in com¬ 
mon, but two main differences involve signal 
range and the ease with which an adversary 
may target particular users. Although cordless
phones are easy to target, their range is
typically no more than 1,000 feet, while con¬ 
ventional mobile radio signals may be received 
at a distance of 20 to 30 miles. Newer cellular 
mobile phones have a smaller range and use 
a variety of channels and base stations as they 
move from cell to cell, making them slightly 
harder to pinpoint. 


Other System Components 
Switching Systems 

In addition to the transmission paths that
connect end users and network nodes, and the 
network nodes to each other, switching sys¬ 
tems located at the network nodes provide op¬ 
portunities for misuse. Thousands of commu¬ 
nications lines are concentrated at these nodes. 
With the use of telephone company records, 
individual circuits assigned to particular cus¬ 
tomers can be identified. In order to reduce op¬ 
portunities for potential misuse of these rec¬ 
ords, the operating companies must carefully 
limit both physical and remote access to these 
nodes. The necessary precautions are the same 
as those described below in connection with 
the security of computer systems. 

Most electromechanical switching systems
require frequent maintenance, particularly
those that serve large numbers of customers.
On the other hand, stored, program-controlled
switching systems of comparable size require
less frequent onsite maintenance since many
of their functions can be controlled electronically
from remote, centrally located maintenance
sites. From these sites, however, access
can be gained to an even greater number of
communications channels. This is an important
reason for controlling both physical and
remote access to these nodes. A special concern
is electronic access to the processor used
to control these switching systems: A knowledgeable
individual, for example, could sabotage
or manipulate the switching system (e.g.,
by rerouting calls destined for one person to
another) without physical access to the switching
systems.

¹⁷ See Federal Communications Commission, "Further Notice
of Proposed Rulemaking," Docket 83-325, released May 23, 1984.

Switching systems are equipped with cir¬ 
cuitry designed to permit operators to verify 
that busy lines are actually in use and, in an 
emergency, to interrupt ongoing conversations.
By the very nature of the circuitry's design, it
would permit monitoring of conversations if
protections were not incorporated. In
fact, current versions of this circuitry have 
scramblers built in and, if interruption is re¬ 
quired, periodic audible tone bursts are used 
to alert the users that a third party has joined 
their conversation. 

Signaling Elements 

Signaling is another element of communica¬ 
tions systems that may provide opportunities 
for abuse. Signaling is normally used to send 
the destination address data between switch¬ 
ing network nodes. There are signaling meth¬ 
ods that use either slowly pulsed direct current 
or voice band tones that are in predominant 
use between customers' premises and the local
telephone office.¹⁸ These are used for voice
and a substantial number of data communica¬ 
tions. Both of these signaling methods can 
be monitored, using methods described above 
for monitoring communications, allowing an 
eavesdropper to intercept not only message 
content but also its destination. 

Carriers use pen registers and modern dialed
number recorders to monitor destination address
signals. A new type of digitally coded
address signaling is now used in connection
with some data communications networks,
such as packet networks. This type of signaling
is also used for internode signaling in
AT&T's common channel interoffice signaling
system (CCIS) and some other networks. Separation
of signaling information from message
content increases the confidentiality of messages
provided the eavesdropper does not have
access to the signaling data. The CCIS encrypts
the signaling information sent between
nodes.

¹⁸ Some data communications only use these signaling methods
to direct a call through the telephone network to a packet
switched network and thus information about the destination
address is of limited value to an adversary.

Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information

Operational Support Systems 

In addition to the transmission, switching, 
and signaling components, communications 
systems include supporting equipment for test¬ 
ing, repairing, and maintaining customer 
records. The information stored in these sys¬ 
tems could be valuable to a person seeking to 
intercept communications. Access to this in¬ 
formation can be limited by time of day, ter¬ 
minal location or function, physical access, log¬ 
on identification passwords, authorization ver¬ 
ification, and audit trail records. 

A testing system is another type of opera¬ 
tional support system. Testing systems can 
gain access to specific trunk and line circuits, 
and thus provide an opportunity to either mon¬ 
itor communications or obtain information re¬ 
garding communication links. These systems 
are often protected by many of the same tech¬ 
niques described above. 
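
The access limits listed above for operational support systems (time of day, terminal function, log-on password, authorization verification, audit trail) combined into one gate, as an added example that is not part of the OTA report. The operator, terminal and function names are constructed, and chaining each audit record to the hash of the one before it goes beyond the text as one way to make later edits to the trail detectable.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Operator:
    name: str
    salt: bytes
    pw_hash: bytes
    functions: frozenset   # functions the operator is authorized to perform
    hours: tuple           # (start, end) of the permitted time of day


@dataclass(frozen=True)
class Terminal:
    ident: str
    location: str
    functions: frozenset   # functions permitted from this terminal


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def in_window(now, start, end):
    """True if now is in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


class AuditTrail:
    """Append-only log; each record includes the hash of the record before it."""

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(prev, entry):
        body = json.dumps(entry, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, entry):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        self.records.append(
            {"entry": entry, "prev": prev, "hash": self._digest(prev, entry)})

    def verify(self):
        """Recompute the chain; an edited or dropped interior record breaks it."""
        prev = "0" * 64
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, rec["entry"]):
                return False
            prev = rec["hash"]
        return True


def request_access(op, terminal, password, function, when, trail):
    """Apply every limit; log the decision whether it is allowed or denied."""
    if not hmac.compare_digest(hash_password(password, op.salt), op.pw_hash):
        reason = "bad password"
    elif not in_window(when.time(), *op.hours):
        reason = "outside permitted hours"
    elif function not in terminal.functions:
        reason = "terminal not permitted for function"
    elif function not in op.functions:
        reason = "operator not authorized for function"
    else:
        reason = "ok"
    trail.append({"time": when.isoformat(), "operator": op.name,
                  "terminal": terminal.ident, "location": terminal.location,
                  "function": function, "allowed": reason == "ok",
                  "reason": reason})
    return reason == "ok"


# Constructed sample data: one line tester and two terminals.
SALT = b"constructed-salt"
TESTER = Operator("jdoe", SALT, hash_password("correct horse", SALT),
                  frozenset({"line_test"}), (time(8, 0), time(17, 0)))
TEST_DESK = Terminal("T-07", "central office test desk", frozenset({"line_test"}))
RECORDS = Terminal("T-12", "business office", frozenset({"customer_records"}))


def demo():
    """One permitted request, then one request failing each limit in turn."""
    trail = AuditTrail()
    day = (1987, 3, 2)
    attempts = [
        (TEST_DESK, "correct horse", "line_test", datetime(*day, 10, 30)),
        (TEST_DESK, "correct horse", "line_test", datetime(*day, 23, 15)),
        (RECORDS, "correct horse", "line_test", datetime(*day, 10, 45)),
        (RECORDS, "correct horse", "customer_records", datetime(*day, 11, 0)),
        (TEST_DESK, "guess", "line_test", datetime(*day, 11, 5)),
    ]
    results = [request_access(TESTER, t, pw, fn, when, trail)
               for t, pw, fn, when in attempts]
    return results, trail
```

Denied requests are logged with the same detail as permitted ones, so the trail shows probing as well as use.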

Commercial Availability of 
Interception Equipment 

The very technologies that make possible
continued improvements in communications
and computer processing also lend themselves
to illicit purposes. The successful disruption
of the HBO satellite broadcast in April 1986
shows that some of these systems are no better
protected against such attacks than against
passive interception. This may be changing as
a result of the HBO experience. The satellite
transponder cannot distinguish between the
legitimate signal and a bogus one—it simply
selects the stronger signal.¹⁹ In the HBO case
noted earlier, the "adversary" or hacker was
sophisticated technically and had access to
commercially available and relatively inexpensive
transmitter equipment, as well as information
in the public domain concerning the
satellite's location and transponder frequency.

In a completely different part of the network,
wiretapping of telephone lines remains one of
the simplest forms of eavesdropping, as long
as wire closets and other interconnection
points are generally physically accessible.²⁰
Certain types of wiretaps cannot be detected
by electronic means, and some wiretaps
can be performed using equipment costing as
little as $12.²¹ "A wiretap is sufficiently easy
to install that even a 9-year-old can do it."²²
Rooftop terminal junction boxes and residential
junction boxes are often readily accessible
to potential wiretappers. In contrast, when
fiber optic cable is used to connect the user's
premises to the carrier's facility (the local loop),
tapping the fiber cable requires more sophisticated
and expensive equipment and skill.

¹⁹ "Mystery Broadcast Overpowers HBO," Institute for Electrical
and Electronics Engineers, THE INSTITUTE, vol. 10,
No. 10, October 1986, p. 1.

²⁰ In one of the relatively few examples in which telephone
taps are uncovered, a tap and electronic bugging equipment
were recently reported discovered in the office of the governor
of New Mexico. "Capitol Bug Found," Washington Post, Jan.
10, 1987, p. A8.

²¹ Ross Engineering Associates, "Telephone Taps," OTA
contractor report, November 1986.

²² Ibid.

[Photo: Rooftop Terminal Junction Box]


VULNERABILITIES OF COMPUTER SYSTEMS²³


Background 

In a simplified form, computer security is
the ability to ensure that people use information
systems only as they are supposed to.
This involves protecting:

• the system itself against failures, whether
caused by deliberate misuse, human error,
or technical problems; and

• the information in the system to ensure
that it is seen and used only by those who
are authorized to do so and that it is not
accidentally or maliciously disclosed or
modified.

Computer "hackers" aside, it is even more
important to recognize that information security
is much broader than just protection
against those who would penetrate information
systems from the outside. People within
organizations are perhaps even more likely to
misuse information systems, including unauthorized
actions by those who are authorized
to use the system. In addition, technical
failures can be caused by natural disasters.

²³ Because this report emphasizes telecommunications security,
the treatment of computer security is brief. For more
information on computer security, see U.S. Congress, Office of
Technology Assessment, Federal Government Information
Technology: Management, Security, and Government Oversight,
OTA-CIT-297 (Washington, DC: U.S. Government Printing
Office, February 1986).

The rapid evolution of computer technology, 
and society's growing dependence on it, have 
important implications for information secu¬ 
rity. Three distinct kinds of technical trends 
can be identified that have security implica¬ 
tions—the growth of large-scale computers, the 
evolution of microcomputers, and changes in 
computer software. 

Large-Scale Computers 

Advances in large-scale computing have dramatically
lowered the cost of computation.
The power of machines relative to their cost
and size has been increasing during the last
30 years by more than a factor of 10 per decade
and is likely to continue increasing for the
foreseeable future. These changes have been
complemented by magnetic (and more recently
optical) disks that can hold greater and greater
amounts of information on each disk. Communication
between computers has also become
considerably more pervasive and efficient—line
speeds are higher, protocols and technical
standards have been established, and communications
systems are generally evolving
from analog links to digital technology.

²⁴ In this analysis, a "large-scale" computer generally means
a machine that is intended to serve multiple users performing
different tasks at the same time, that is generally not considered
to be a "desk-top" or "personal" computer, and that stores
data on large-scale magnetic (or optical) disks rather than floppy
disks or small, hard disk drives.

These increasingly powerful machines have 
also become much more pervasive in society. 
Figure 6 shows that the number of mainframe 
computers operated by the Federal Govern¬ 
ment has increased from about 11,000 in 1980 
to 27,000 in 1985, with most of the increase 
coming in the Department of Defense. Perhaps 
more important, figure 7 shows that the points 
of access to Federal computers have increased
geometrically in recent years, from roughly 
36,000 terminals in 1980 to 173,000 terminals 
in 1985. Table 3 indicates similar trends in sales 
of large-scale host computers in the United 
States from 36 units in 1965 to more than 1,600 
in 1985. 

These trends—increased power and use of
large-scale computers—have strong implications
for security. First of all, the changes have
resulted in increased dependence on information
technology generally. That means that virtually
all Government agencies and private
organizations are more susceptible to technical
sabotage or failure of their computers. But
it also means that there is more information
stored in computers, that this information is
often accessible to more people, and that this
information is accessible at a distance via
telecommunications linkages.

Table 3.—Sales of Large-Scale Host Computers
in the United States

Year                 Units    Value
1965                    36    $200 million
1976                   514    $2.2 billion
1977                   611    $2.4 billion
1978                 1,009    $3.9 billion
1979                 1,461    $5.3 billion
1980                 1,328    $4.8 billion
1981                   887    $3.9 billion
1982                 1,448    $6.8 billion
1983                 1,836    $8.1 billion
1984                 2,420    $9.0 billion
1985                 1,617    $9.3 billion
1986 (estimated)     1,800    $9.7 billion
1987 (estimated)     2,090    $10.2 billion
1988 (estimated)     2,070    $10.6 billion
1989 (estimated)     2,200    $11.5 billion
1990 (estimated)     2,300    $12.1 billion

NOTE: Large-scale host computers are those machines serving more than 128
users in a normal commercial environment. This definition is not necessarily
the same as that used in figure 6.

SOURCE: International Data Corp.


Figure 6.—Mainframe Computers in Federal Agencies

Reported numbers of mainframe computers in Federal agencies
(1980: total reported = 11,305; 1985: total reported = 26,682)

Agency                 1980      1985
USDA                     13        23
DOC                     967       915
DoD                   3,765    17,565
Education                 3         6
DOE                   3,718     2,781
DHHS                     48       106
HUD                       3         7
DOI                      81       250
Justice                  28        75
DOL                      11        15
State                     5         6
DOT                      16        15
Treasury                205     1,030
20 small agencies     2,443     3,888
Total                11,305    26,682

NOTE: Consistency in definitions of "mainframe" central processing units cannot be assured because of different interpretations of the term. Definitions may not
agree with definition of large host computers in table 3.

SOURCE: OTA Federal Agency Data Request.

Figure 7.—Computer Terminals in Federal Agencies
On the other hand, the increased power and
sophistication of large-scale computers also
means that more sophisticated safeguards are
more practical than they were with smaller
computers. These safeguards include "audit"
programs that log the actions of each user and
more powerful access controls. These and other
safeguards are discussed in chapter 4.


Microcomputers

Changes in smaller desk-top or personal computers
have been even more striking and rapid
than those in large-scale machines. Since the
first microcomputer was commercially produced
in the mid-1970s, these devices have progressed
to a point where their speed and power
nearly equal that of mainframe computers a
decade ago. These improvements are largely
due to the increasing number of circuits that
manufacturers can put on a single microprocessor
chip. Figure 8 shows the geometric increases
in the complexity of these chips, which
has led to a declining cost per unit of computing
power.

Microcomputers have also changed from an
obscure hobbyist item to a standard and necessary
piece of equipment in many homes, businesses,
and Government offices. Figure 9
shows that the number of microcomputers in
the Federal Government rose from only a few
thousand in 1980 to about 100,000 in 1985. Table 4
shows comparable trends in the Nation
as a whole, with sales of personal computers
rising from 380,000 in 1980 to almost 6 million
in 1985.

Figure 8.—Trends in Component Density, Silicon
Production, and Gallium Arsenide Announcements,
1960 to 1990

SOURCE: AT&T Bell Telephone Laboratories

Microcomputers are computers in their own
right and thus require appropriate administrative
and technical security measures to safeguard
the information they process. Also,
microcomputers can be networked and/or function
as "smart" terminals to larger computer
systems. Thus, the rapid proliferation of microcomputers
can not only place computing power
in the hands of an increasing number of
computer-literate individuals, but also can decentralize
data processing capabilities. For example,
employees of many firms or Government
agencies are able to collect and manipulate information
on their own desk-top microcomputers.
Additionally, they are able to use these
microcomputers to copy or "download" large
amounts of information from the organization's
central computer and also to "upload"
information they have collected or manipulated
into the central computer files.

The expanding use of microcomputers can
have an adverse effect on security if the appropriate
security policies, procedures, and practices
are not in effect. For instance, in a computer
system that is not organized so as to
control and monitor users' access to data files
and constrain the data transactions that authorized
users are permitted to perform, users
can copy or manipulate data in an essentially
uncontrolled fashion. There is a growing array
of add-on microcomputer security products
that address security problems of this sort, as
well as an increasing awareness of the importance
of using these safeguards. Also, the capability
(at the mainframe computer) to control
the downloading/uploading of data files
is well within current technology. However, actual
practice often falls short of the ideal, particularly
in firms that do not recognize the
value of electronic information in microcomputers
and the importance of safeguarding it.

Table 4.—Sales of Personal Computers
in the United States

Year                 Units (thousands)    Value (billions of dollars)
1980                        379                  1.1
1981                        644                  1.9
1982                      2,884                  4.2
1983                      5,872                  8.7
1984                      6,586                 13.0
1985                      5,689                 13.3
1986 (estimated)          6,633                 14.6
1987 (estimated)          7,414                 15.9
1988 (estimated)          8,262                 17.7
1989 (estimated)          9,317                 19.8
1990 (estimated)         10,120                 21.6

SOURCE: International Data Corp.

Using microcomputers instead of "dumb" 
terminals, on the other hand, can help if good 
security practices control the downloading and 
uploading of data files and if the system is con¬ 
figured properly. For example, data integrity 
can be improved by procedures requiring au¬ 
thorized users to make additions, corrections, 
or other modifications to large data files on 
a microcomputer. If the modified data are 
checked, and only then uploaded to the main 
computer files, then the probability of acciden¬ 
tal or malicious deletions of main files, for in¬ 
stance, can be reduced. 

Software 

Technical sophistication in software and in
databases has progressed more slowly than
hardware advances. In fact, many people now
recognize that software is the bottleneck for
many prospective applications of information
technology. Nevertheless, the past two decades
have seen significant increases in the size of
databases that can be reasonably accommodated
by software and in the sophistication of
the software itself. This means, for example,
that software can link disparate pieces of information
in a database more readily and that
users can make inquiries of databases using
more natural commands.

Figure 9.—Microcomputers in Federal Agencies

These changes give more people direct access
to computerized data and the databases
contain far more information that is subject
to both authorized and unauthorized use. Further,
although not a subject of significant concern
to many users, some security experts consider
that the inferential ability to link pieces
of information in a database or from different
databases can have subtle but important implications
for security. To date, most attention
to this type of problem has been on the part
of the defense and intelligence communities,
but the problem can be more general. Even
when the most sensitive information is unavailable,
an adversary can infer critical data by
combining pieces of apparently innocuous information
(e.g., determining information about
the design of a company's product from its
orders for raw materials).

The Extent of Computer Misuse 

A variety of recent studies have indicated 
substantial increases in computer misuse. 
However, information available about the extent
of computer misuse is spotty. Moreover,
these studies suffer from serious shortcomings 
that make generalizations difficult (large suc¬ 
cessful frauds are often not reported, let alone 
prosecuted). 

The most significant studies and findings 
include: 

• The American Bar Association's 1984
"Report on Computer Crime." In a survey
of 283 public and private sector organizations,
ABA found that 25 percent of
the respondents reported "known and verifiable
losses due to computer crime during
the last 12 months."

• The American Institute of Certified Public
Accountants 1984 "Report on the
Study of EDP-Related Fraud in the Banking
and Insurance Industries." AICPA
surveyed 5,127 banks and 1,232 insurance
companies. Two percent of the banks and
3 percent of the insurance companies said
they had experienced at least one case of
fraud related to electronic data processing.
Sixteen percent of the frauds were reported
to involve more than $10,000, although
that figure does not reflect funds
that were recovered.

• The President's Council on Integrity and
Efficiency issued "Computer-Related
Fraud in Government Agencies: Perpetrator
Interviews," in May 1985. The Council
surveyed Federal agencies and found
a total of 172 relevant cases of computer
fraud or abuse. The losses in fraud cases
ranged from zero to $177,383, with the
highest proportion in the $10,000 to
$100,000 range.

• The Department of Justice's Bureau of
Justice Statistics 1986 report "Electronic
Fund Transfer System Fraud." This reported
a study of fraud related to the
transfer of electronic funds in key banks.
The study estimated that banks nationwide
lost $70 million to $100 million annually
from automatic teller fraud. It also
examined losses from wire transfers, although
there were insufficient data to estimate
national loss levels. Twelve banks
reported 139 wire transfer fraud incidents
within the preceding 5 years, with an average
net loss (after recovery efforts) per incident
of $18,861. However, the loss exposure
or the potential loss per wire transfer
incident averaged nearly $1 million.

• Security magazine and the Information 
Systems Security Association surveyed 
their subscribers and members in 1985 
and 1986. Eighteen percent of the 1986 
respondents reported that their company 
had detected a computer crime in the last 
5 years, compared with 13 percent re¬ 
ported by the 1985 respondents. The re¬ 
spondents rated the threats to computers, 
in descending order: unauthorized use by 
employees, routine errors and omissions, 
carelessness with printouts, theft of com¬ 
puters, fire damage, use/misuse by out¬ 
siders, and vandalism. 

While these studies are far from conclusive, 
it is apparent that deliberate misuse of com¬ 
puters is a significant and growing problem. 


TYPICAL VULNERABILITIES OF INFORMATION SYSTEMS 


The combined advances in communications
and computer technologies have resulted in information
systems that are an order of magnitude
more complex than those of 10 or 20
years ago. Not only is computing power greatly
increased, but it is also more decentralized—
and communication between computers and
interconnected devices has become far more
pervasive. In some ways, this has improved
security in that, for example, information is
no longer stored in just one large computer,
which could result in chaos if it failed. On the
other hand, information systems are much
more extensively linked and interdependent,
and the number of points from which technical
failure, deliberate misuse, or accidental errors
could cause serious problems has increased
geometrically.

To illustrate the numerous vulnerabilities of 
computer systems, figure 10 presents a sche¬ 
matic diagram of a typical information system. 
The circled letters in the figure correspond to 
certain types of vulnerabilities (discussed be¬ 
low) that encompass the vast majority of po¬ 
tential problems caused by deliberate misuse 
of computer systems. Some problems are more 
important in some systems than in others and 
potential adversaries may be more or less so¬ 
phisticated. As will be seen in chapter 4, good 
security practices would require security offi¬ 
cials to perform an analysis of each system to 
determine which vulnerabilities and threats are 
most significant and what protective measures 
would be most appropriate and cost-effective. 

The first two kinds of vulnerabilities do not 
require direct on-line access to data and, gen¬ 
erally, an adversary needs relatively few re¬ 
sources to exploit them. The first (a) is theft 
of storage media that contains valuable data. 
Theft (or copying) of personal computer dis¬ 
kettes, for example, can be particularly easy 
because personal computer users often do not 
lock up their diskettes. Similarly, theft of print¬ 
outs (b), especially discarded ones, is typically 
quite easy and has been the source of a signifi¬ 
cant amount of computer abuse. The printouts 
may contain valuable competitive information 
or account and password information that al¬ 
lows an unauthorized person to later gain elec¬ 
tronic access to the system. 

The next type of vulnerability is misuse of
computer systems by those who are authorized
to use them (c). The misuse can consist,
for example, of stealing corporate secrets,
changing personnel information, causing falsified
checks to be written, or damaging databases.
This type of misuse typically requires
only a moderate level of sophistication on the
part of the perpetrator, although in some cases
(e.g., falsified disbursements) it requires collusion
between two or more workers.

Moving up one step further in level of ad¬ 
versary, outsiders who gain unauthorized ac¬ 
cess to a computer system can perpetrate the 
same kinds of misuse. This usually requires 
covertly obtaining an account name and pass¬ 
word by, for example, looking over the shoul¬ 
der of an authorized user, finding a discarded 
computer printout, using codes written on 
cards or pieces of paper taped to the terminal, 
or simply guessing. Such an outsider could either
seek to gain access to an authorized user's
local terminal or personal computer (c) or could
try to access the system from a remote location
via phone lines (d). Access via phone lines
is inherently less risky for the perpetrator since
it is often less protected by security measures 
than local access. The dangers of hobbyists 
prowling in computers via phone lines are often 
overstated compared with misuse by those au¬ 
thorized to use computer systems. However, 
it is likely that long-distance computer abuse 
will continue to grow and more serious adver¬ 
saries (e.g., technically adept criminals, includ¬ 
ing organized crime) will be involved. 

Computer system operators (e), such as 
programmers and managers, sometimes have 
access to user passwords. Although this is be¬ 
coming less common, they still generally have 
access to stored files unavailable to other users. 
In particular, programmers have the techni¬ 
cal expertise to perpetrate sophisticated sab¬ 
otage and misuse, including such exotic at¬ 
tacks as "logic bombs" that render a system 
unusable after a specified period of time or at 
a specific time (often after the disgruntled 
programmer is no longer employed at the site). 

The last two vulnerabilities, eavesdropping
on computer transmissions through either
telecommunications links (f) or local connections
(g), are discussed in previous sections of this
chapter. Chapter 4 describes some of the safeguards
that have been developed to address
these vulnerabilities and prevent such crimes
in the future. Figure 11 shows how these safeguards
can be used in computer networks.

Figure 11.—Technical Safeguards for
Computer Systems

Chapter 4

Security Safeguards and Practices 


FINDINGS 

• Technical safeguards for computer and communications systems are still evolv¬ 
ing, as are users' understanding of their needs for them. Products and systems 
are available for controlling access and auditing use and for encrypting data. 

• Technical safeguards alone cannot protect information systems completely. Ef¬ 
fective information security requires an integrated set of safeguard technol¬ 
ogies, management policies, and administrative procedures. 

• Information security hinges on the security of each segment of the increasingly 
intertwined computer and communications network. 

• A number of important techniques are emerging to verify the identities of the
senders of messages, authenticate their accuracy, and ensure confidentiality.
Mathematical techniques using cryptography can not only provide improved
information security, but also broaden the applicability of electronic transactions
in commerce.

• The Federal Government has played an important role in promoting technical
standards for selected information safeguards, particularly for cryptography.
Yet, the public position of the Government in general and the National Security
Agency, in particular, has been inconsistent. This inconsistency is especially
apparent in providing Federal leadership for the development of information
security standards; e.g., in NSA's reversal of endorsements of an open encryption
algorithm and of dependence on consensus agreement in developing
encryption-based security standards.

• Questions are being raised about the efficacy of the NSA's developing unified 
sets of standards and guidelines for government-wide and private nondefense use. 


INTRODUCTION 


Technology that can help promote information
security can be divided into administrative,
physical, and technical measures. Figure
12, which shows examples of each of these categories,
demonstrates the diversity of safeguard
applications and the range of approaches
to improved safeguards.¹


¹This section examines safeguards for both computers and
communications since many of the measures discussed apply
to both.


Like the range of threats and vulnerabilities 
that afflict different information systems, 
there is a wide range of safeguards that can 
help protect them. Although administrative 
and procedural measures are also fundamentally
important to good overall security, this
chapter concentrates primarily on technical 
safeguards. These include the following: 

• Encryption, which can be used to encode
data prior to transmission or while stored
in computers, to provide an electronic
"signature," and to verify that a message
has not been tampered with.

• Personal identification and user verification
techniques, which can help ensure
that the person using a communications
or computer system is the one authorized
to do so and, in conjunction with access
control systems and other security procedures,
that authorized users can be held
accountable for their actions.

• Access control software and audit trails,
which protect information systems from
unauthorized access and keep track of
each user's activities.

• Computer architectures that have been
specifically designed to enhance security.

• Communications linkage safeguards,
which hamper unauthorized access to
computers through phone lines.

Figure 12.—Common Administrative, Physical, and
Technical Information Security Measures

Administrative security measures:

• Background checks for key computer employees.

• Requiring authority of two employees for disbursements.

• Requiring that employees change passwords every few
months, do not use the names of relatives or friends, and
do not post their passwords in their offices.

• Removing the passwords of terminated employees quickly.

• Providing security training and awareness programs.

• Establishing backup and contingency plans for disasters,
loss of telecommunications support, etc.

• Storing copies of critical data off-site.

• Designating security officers for information systems.

• Developing a security policy, including criteria for sensitivity
of data.

• Providing visible upper management support for security.

Physical security measures:

• Locking up diskettes and/or the room in which microcomputers
are located.

• Key locks for microcomputers, especially those with hard
disk drives.

• Requiring special badges for entry to computer room.

• Protecting computer rooms from fire, water leakage, power
outages.

• Not locating major computer systems near airports, loading
docks, flood or earthquake zones.

Technical security measures:

• Audit programs that log activity on computer systems.

• Access control systems that allow different layers of access
for different sensitivities of data.

• Encrypting data when it is stored or transmitted, or using
an encryption code to authenticate electronic transactions.

• Techniques for user identification, ranging from simple
ones such as magnetic stripe cards to more esoteric "biometric"
techniques, which rely on hand or eye scanners
(just beginning to be used).

• "Kernel"-based operating systems, which have a central
core of software that is tamperproof and controls access
within the system.*

• "Tempest" shielding that prevents eavesdroppers from
picking up and deciphering the signals given off by electronic
equipment.*

*Generally used only in military or other national security applications in the
United States.

SOURCE: U.S. Congress, Office of Technology Assessment, Federal Government
Information Technology: Management, Security, and Congressional
Oversight, OTA-CIT-297 (Washington, DC: U.S. Government Printing
Office, February 1986), p. 61.

The systems of safeguards that are being de¬ 
veloped fall into categories that control access 
to data or monitor user activities and others 
that protect the integrity of data, e.g., verify 
its accuracy. Technology is paving the way for 
further improvements in these and still other 
categories. Systems that will combine im¬ 
proving message integrity with preventing un¬ 
authorized activity are beginning to set the 
stage for major new applications with broad 
commercial applications. 

Security is never just a "black box" of tech¬ 
nical safeguards that can be purchased and 
added to computer or communications sys¬ 
tems. Moreover, technical measures would be 
fruitless unless accompanied by suitable pol¬ 
icies and administrative procedures. For secu¬ 
rity measures to be effective, they must be 
planned for and managed throughout the de¬ 
sign and operation of computer and commu¬ 
nications systems. This chapter, however, 
mainly discusses the technology of safeguard¬ 
ing information systems. 

In addition, for many types of users, the combination
of reasonable effectiveness and convenience
is more important than extremely
high security. Determining which safeguards
are appropriate for a particular computer or
communications system requires an analysis
of such factors as the value of the information
at risk, the value of the system's reliability,
and the cost of particular safeguards. Security
experts disagree about how this "risk analysis"
ought to be conducted and about the problems
with, and validity of, risk analyses. But
some form of risk analysis, whether formal or
informal, quantitative or qualitative, remains
the chief means by which managers can assess
their needs and evaluate the costs and benefits
of various security measures.

The National Bureau of Standards (NBS) has
played an important role in developing computer
security standards. This role has become
complicated by the recent entry of the NSA
into the standards arena and by NSA efforts
to develop comprehensive standards suitable
for all users' needs.

There are four driving forces behind the 
emergence of the new safeguard technologies: 

1. developments in microelectronics and in¬ 
formation processing, such as smart cards 
and other hardware implementing encryp¬ 
tion algorithms; 

2. developments in cryptography, such as
asymmetric and public-key ciphers;

3. developments in the mathematics under¬ 
lying signal processing and cryptography; 
and 

4. developments in software, particularly for 
processing biometric personal identifica¬ 
tion data. 

A number of technologies exist that can ver¬ 
ify that individual users are who they claim 
to be. Similarly, technologies exist to authen¬ 
ticate the integrity of a message and to ensure 
its confidentiality. These developments are be¬ 
ing applied mainly to solve some of today's 
problems concerning information security. 

Technologies for user verification, often in¬ 
tended for use in conjunction with other ac¬ 
cess control systems, include: hand-held pass¬ 
word generators, "smart" key cards with 
embedded microprocessors, and a number of 
personal identification systems based either 
on biometric measurements or other individ¬ 
ual characteristics. Message authentication 
techniques rely on combinations of encrypt¬ 
ing and/or "hashing" schemes to create a code 
authenticating the accuracy of a message's 
content. A variation of this technique can pro¬ 
vide a "digital signature" that not only authen¬ 
ticates the message, but also establishes the 
identity of its sender. Encryption methods are 
widely available to protect against unauthorized
disclosure of messages.

What is becoming increasingly apparent, 
however, is that some of this same technology
has far greater potential uses. One of the central
observations of this chapter is that measures,
particularly technical measures, are beginning
to be developed that provide some of
the tools likely to prove important in the long 
term for more secure operation of electronic 
information systems in uncontrolled, even hos¬ 
tile environments. These include environ¬ 
ments, such as the public switched telephone 
network for example, where sensitive data is 
unavoidably exposed to risks of being im¬ 
properly accessed, modified, or substituted, or 
where errors can be introduced by the system 
itself, as from normal electronic noise in com¬ 
munications systems. Information security 
technology shows promise for greatly expand¬ 
ing the range of applications of computer and 
communications systems for commerce and so¬ 
ciety. It will accomplish this by reducing the 
cost of many of today's paper-based business 
transactions, by providing legally binding con¬ 
tracts executed electronically, and by protect¬ 
ing intellectual property and the privacy of per¬ 
sonal data stored in electronic form. (See ch. 5.) 

To achieve most of the above, cryptography 
is critically important. There are no close sub¬ 
stitutes for cryptography available today. 
Cryptography, however, is a technology in 
which the Government has acted somewhat 
inconsistently by controlling private sector 
activity in some ways, while occasionally stim¬ 
ulating it in others. Thus, the technology that 
is important to future applications of informa¬ 
tion security is coupled to Federal policies that 
can encourage or inhibit its advancement. Op¬ 
tions for the future role of Federal policies in 
influencing technological developments are dis¬ 
cussed in chapter 7. 

There are two principal uncertainties in the 
future development of safeguards. The first is 
the extent to which users of computer and com¬ 
munications systems will, in fact, buy and use 
the safeguards that are available. Some of the 
key factors that will influence users' actions 
include their evolving awareness of threats and 
vulnerabilities, the practices of their insurance 
companies, the evolution of "standards of due
care" related to security practices, the Federal
role as a leader and shaper of the field, and news
media attention to incidents of misuse. Information
and communication system risk analyses,
based on historical threat and vulnerability
profiles, will influence the marketplace
for safeguards. If the demand for safeguards 
increases, then the market will no doubt re¬ 
spond with more products and techniques. On 
the other hand, if many users' interest in secu¬ 
rity levels off, there may be a shakeout in the 
market for safeguard devices, perhaps leaving 
mainly those products developed for Govern¬ 
ment agencies. 

The second major uncertainty is the extent 
to which vendors of these safeguards, in col¬ 
laboration with users, will be able to develop 
systems that use multiple safeguards in a simple,
integrated fashion. If demand for safeguards
becomes a significant fraction of the
overall computer and communications system
market, the resulting products are more likely 
to be well integrated, easy to use, and low cost. 
For someone who needs to gain access to his 
or her company's mainframe computer from 
home, for example, appropriate safeguards 
might include the functions of a hand-held per¬ 
sonal identification device, encryption of the 
telecommunications link, passwords, dial-back 
modems, and audit logs at both the microcom¬ 
puter and the host computer. Using such a 
combination would be tremendously cumber¬ 
some at present, requiring multiple pieces of 
hardware, software, and passwords. Thus, a 
major challenge for the industry is to develop 
systems that allow the various safeguards to 
work together and to become virtually invisi¬ 
ble to the user, as well as cost-effective. 


ENCRYPTION 


Encryption is the most important technique 
for improving communications security. It is 
also one of several key tools for improving computer
security. Good-quality encryption is the
only relatively sure way to prevent many kinds 
of deliberate misuse in increasingly complex 
communications and computer systems with 
many access points. Of course, encryption is 
not a panacea for information security prob¬ 
lems. It must be used in concert with other 
technical and administrative measures, as de¬ 
scribed below. In particular, effective key man¬ 
agement is crucial. 


Encryption Algorithms 

The various techniques for encrypting mes¬ 
sages, based on mathematical algorithms, vary 
widely in their degree of security. The choice of 
algorithms and the method of their development 
have, in fact, been among the most contro¬ 
versial issues in communications and computer 
security. (See ch. 6.) The various algorithms 
currently available differ along the following 
dimensions: 


• The mathematical sophistication and computational
complexity of the algorithm itself.—More
complex algorithms may be
(though not necessarily) harder for an adversary
to decrypt or break.

• Whether the algorithm is for a symmetric
cipher or an asymmetric one.—Symmetric
ciphers use the same key for encryption
and decryption, while asymmetric ciphers
use different but related keys.

• The length of the key used to encrypt and
decrypt the message.—Each algorithm
uses a series of numbers known as a key
that can change with each message, with
each user, or according to a fixed schedule.
Generally, for an algorithm of a given
complexity, longer keys are more secure.
One of the important factors in selecting
keys is to make sure that they cannot be
easily guessed (e.g., using a phone number)
and that they are as random as possible
(so that an adversary cannot determine
a pattern linking all the keys if one
is discovered).

• Whether the algorithm is implemented in
software (programming) or hardware (built
into an integrated circuit chip).—Hardware
tends to be much faster than software,
although less versatile and portable
from one machine to another.

• Whether the algorithm is open to public
scrutiny.—Some nongovernment experts
argue that users have more confidence in
an algorithm if it is publicly known and
subject to testing. NSA and others, on the
other hand, assert that the algorithm is
one of three essential pieces of information
an adversary must have to decrypt
a message (along with the key and access
to the message itself) and that secret algorithms
are thus more secure.² A related
argument is that if an algorithm is
publicly known, standardized, and widely
used, it becomes a more attractive target
for cracking than algorithms that are seldom
used. The Data Encryption Standard
(DES, see below) is one of the few
working algorithms that is open to public
scrutiny. Most of the other privately
developed and all of the NSA-developed
algorithms currently in use have been kept
secret.

DES is probably the most widely known 
modern encryption algorithm. (See app. C for 
background on its development.) Based on an 
algorithm developed by IBM, DES was issued 
as a Federal standard in 1977. Although pub¬ 
licly known and subject to scrutiny for more 
than 10 years, most experts are confident that 
it is secure from virtually any adversary ex¬ 
cept a foreign government. The level of secu¬ 
rity is gradually weakening, however, because 
of the decreasing cost of computer power and 
the possibility of using many computing de¬ 
vices in parallel to crack the algorithm. 

DES has four approved modes of operation,
specified in FIPS Publication 81 ("DES Modes
of Operation," Dec. 2, 1980). The modes vary
in their characteristics and properties. The four
modes are the electronic codebook (ECB), cipher
block chaining (CBC), cipher feedback
(CFB), and the output feedback (OFB) modes.
(See app. C.) The CBC and CFB modes can be
used for message authentication. The ECB
mode, the simplest to understand, is illustrated
in figure 13 and box B. One property of this
mode, however, is that the same plaintext will
always produce identical ciphertext for a given
encryption key. This characteristic makes the
ECB mode less desirable, especially for repetitive
messages or messages with common
content (e.g., routing headers or logon identifications)
because a known plaintext cryptographic
attack is more easily mounted, i.e.,
where both the encrypted and unencrypted
text are available to the cryptanalyst.

apgd Goeltz, "Why Not DES?" Computers and Security, vol.
5, March 1986, pp. 24-27.

DES is a "private key" cryptographic al¬ 
gorithm, which means that the confidential¬ 
ity of the message, under normal conditions, 
is based on keeping the key secret between the 
sender and receiver of the message. (See the
section on key distribution, below.) The other
principal form of algorithm is called a "public
key" system, which uses two keys that are 
mathematically related—one that each user 
publishes and one that he keeps secret. Using 
a public key system, many people can encrypt 
messages sent to a particular correspondent 
(using his or her public key), but only that cor¬ 
respondent can decrypt messages because the 
decryption key is (in principle) kept secret. 
These algorithms are discussed in more detail 
below, and also in appendixes C and D. 

The development of encryption algorithms
has been a rather idiosyncratic, scattered process,
and is likely to continue to be. The academic
community of cryptographic researchers
is a growing and active one, although its
numbers are relatively small compared to some
other scientific fields.³ Only a handful of people
in the United States outside NSA have
attempted seriously to create, validate, and
implement new high-quality encryption algorithms.
Most algorithms currently in use can
be traced to the work of a few individuals. Cryptographic
research requires a high level of ability
in specialized areas of mathematics and/or
computer science. Different skills are required
to develop operational safeguards than for
theoretical research.

³R. Rivest, Massachusetts Institute of Technology, personal
communication with OTA staff, Feb. 4, 1987.

Figure 13.—DES Encryption in Electronic Codebook Mode

[Figure panels: Enciphering Computation; Calculation of f(R,K); Key Schedule (KS) Calculation]

SOURCE: NBS FIPS Publication 74, Apr. 1, 1981, pp. 21-23.

Despite the relatively small size of the scientific
community, cryptography has been a
controversial science. For example, there have
been controversies concerning attempts by
NSA to control Federal research funding as
well as the publication and patenting of private
sector and academic results in cryptographic
research during the past decade for reasons
of national security.⁴ NSA does not at
present have the legislated authority to require
prepublication review of independent, nongovernment
research.

However, following the controversy sparked
in part by secrecy orders imposed in 1978 on
two patent applications for cryptographic inventions,
NSA, in concert with some academic
researchers, instituted a voluntary review for
cryptography manuscripts.⁵ Through this
process, researchers may submit manuscripts
to NSA prior to their publication, giving NSA
the opportunity to request suppression of sensitive
material. Although many researchers
and research institutions take part in this
voluntary process, others do not, considering
it a threat to the free exchange of scientific
ideas.⁶

⁴Tom Ferguson, "Private Locks, Public Keys, and State
Secrets: New Problems in Guarding Information with Cryptography,"
Harvard University Center for Information Policy
Research, Program on Information Resources Policy, April 1982.

The voluntary review service is similar to
the one proposed by the Public Cryptography
Study Group of the American Council on Education
(ACE), which was assembled in 1980 at
the request of NSA. The group accepted the
premise that "some information contained in
cryptology manuscripts could be inimical to
the national security of the United States."
It recommended a voluntary rather than statutory
solution to this problem.⁷ However,
some researchers, including one member of the
ACE group, felt that even voluntary restraints
would affect the quality and direction of basic
research in computer science, engineering, and
mathematics.⁸

⁵U.S. Congress, Committee on Government Operations,
"The Government's Classification of Private Ideas,"
Thirty-Fourth Report (House Report No. 96-1540), 96th Cong.,
2d sess., Dec. 22, 1980.

⁶See: "Brief U.S. Suppression of Proof Stirs Anger," The
New York Times, Feb. 17, 1987, p. C3.

⁷"Report of the Public Cryptography Study Group," Academe,
vol. 67, December 1981, pp. 372-382.

⁸"The Case Against Restraints on Nongovernmental Research
in Cryptography: A Minority Report by Professor George
I. Davida," Academe, December 1981, pp. 379-382.

Box B.—An Example of DES Encryption

The Electronic Codebook (ECB) mode is a basic, block, cryptographic method which transforms
64 bits of input to 64 bits of output as specified in FIPS PUB 46. The analogy to a codebook arises
because the same plaintext block always produces the same ciphertext block for a given cryptographic
key. Thus a list (or codebook) of plaintext blocks and corresponding ciphertext blocks theoretically
could be constructed for any given key. In electronic implementation the codebook entries
are calculated each time for the plaintext to be encrypted and, inversely, for the ciphertext to be
decrypted.

Since each bit of an ECB output block is a complex function of all 64 bits of the input block
and all 56 independent (non-parity) bits of the cryptographic key, a single bit error in either a ciphertext
block or the non-parity key bits used for decryption will cause the decrypted plaintext block
to have an average error rate of 50 percent. However, an error in one ECB ciphertext block will
not affect the decryption of other blocks, i.e., there is no error extension between ECB blocks.

If block boundaries are lost between encryption and decryption (e.g., a bit slip), then synchronization
between the encryption and decryption operations will be lost until correct block boundaries
are reestablished. The results of all decryption operations will be incorrect until this occurs.

Since the ECB mode is a 64-bit block cipher, an ECB device must encrypt data in integral multiples
of 64 bits. If a user has less than 64 bits to encrypt, then the least significant bits of the unused
portion of the input data block must be padded, e.g., filled with random or pseudo-random bits,
prior to ECB encryption. The corresponding decrypting device must then discard these padding
bits after decryption of the cipher text block.

The same input block always produces the same output block under a fixed key in ECB mode.
If this is undesirable in a particular application, the CBC, CFB or OFB modes should be used. An
example of the ECB mode is given in table B1.

Table B1.—An Example of the Electronic Codebook (ECB) Mode

The ECB mode in the encrypt state has been selected.

Cryptographic key = 0123456789abcdef

The plaintext is the ASCII code for "Now is the time for all." These seven-bit characters are
written in hexadecimal notation (0, b7, b6, ..., b1).

Time   Plaintext          DES input block    DES output block   Ciphertext
1      4e6f772069732074   4e6f772069732074   3fa40e8a984d4815   3fa40e8a984d4815
2      68652074696d6520   68652074696d6520   6a271787ab8883f9   6a271787ab8883f9
3      666f7220616c6c20   666f7220616c6c20   893d51ec4b563b53   893d51ec4b563b53

The ECB mode in the decrypt state has been selected.

Time   Ciphertext         DES input block    DES output block   Plaintext
1      3fa40e8a984d4815   3fa40e8a984d4815   4e6f772069732074   4e6f772069732074
2      6a271787ab8883f9   6a271787ab8883f9   68652074696d6520   68652074696d6520
3      893d51ec4b563b53   893d51ec4b563b53   666f7220616c6c20   666f7220616c6c20

SOURCE: NBS, FIPS Publication 81, Dec. 2, 1980, pp. 12-13.
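The ECB properties stated in box B (a repeated plaintext block yields a repeated ciphertext block, and a single ciphertext bit error garbles about half the bits of that one block with no extension to its neighbors) can be checked with the short program below. It is an added example, not part of the OTA report or of FIPS PUB 81, and it uses a stand-in 64-bit Feistel cipher built on HMAC-SHA-256 rather than DES, so its ciphertext values do not match table B1. The function names, the header string and the IV are assumptions, and the CBC comparison goes slightly beyond what box B states.

```python
import hashlib
import hmac

BLOCK = 8  # bytes: a 64-bit block, the block size DES works on


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(half, key, rnd):
    # Keyed round function of the stand-in cipher. This is NOT the DES f(R,K).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _feistel(block, key, order):
    left, right = block[:4], block[4:]
    for rnd in order:
        left, right = right, _xor(left, _f(right, key, rnd))
    return right + left  # swap the halves back after the last round


def encrypt_block(block, key):
    return _feistel(block, key, range(8))


def decrypt_block(block, key):
    return _feistel(block, key, reversed(range(8)))


def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be padded to a multiple of 64 bits")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(data, key):
    return b"".join(encrypt_block(b, key) for b in split_blocks(data))


def ecb_decrypt(data, key):
    return b"".join(decrypt_block(b, key) for b in split_blocks(data))


def cbc_encrypt(data, key, iv):
    out, prev = [], iv
    for block in split_blocks(data):
        prev = encrypt_block(_xor(block, prev), key)  # chain in previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(data, key, iv):
    out, prev = [], iv
    for block in split_blocks(data):
        out.append(_xor(decrypt_block(block, key), prev))
        prev = block
    return b"".join(out)


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def flip_bit(data, bit):
    out = bytearray(data)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)


def bit_errors(expected, got):
    """Count of wrong bits in each 64-bit block."""
    return [sum(bin(x ^ y).count("1") for x, y in zip(p, q))
            for p, q in zip(split_blocks(expected), split_blocks(got))]


def mean_error_rate(plaintext, key, index):
    """Average fraction of wrong plaintext bits in block `index`, taken over all
    64 possible single-bit errors in the matching ECB ciphertext block."""
    ciphertext = ecb_encrypt(plaintext, key)
    wrong = 0
    for bit in range(64):
        damaged = ecb_decrypt(flip_bit(ciphertext, index * 64 + bit), key)
        wrong += bit_errors(plaintext, damaged)[index]
    return wrong / (64 * 64)


# Constructed sample data: a repeated 8-byte header (the "routing header" case)
# around the first two plaintext blocks of table B1. KEY reuses the table's key
# bytes only as key material for the stand-in cipher.
KEY = bytes.fromhex("0123456789abcdef")
IV = bytes.fromhex("1122334455667788")
MESSAGE = b"HDR:0001" + b"Now is t" + b"HDR:0001" + b"he time "

if __name__ == "__main__":
    ecb = ecb_encrypt(MESSAGE, KEY)
    cbc = cbc_encrypt(MESSAGE, KEY, IV)
    print("ECB repeated blocks:", repeated_blocks(ecb))
    print("CBC repeated blocks:", repeated_blocks(cbc))
    hit = flip_bit(ecb, 64 + 5)  # one bit error in the second ciphertext block
    print("ECB bit errors per block:", bit_errors(MESSAGE, ecb_decrypt(hit, KEY)))
    print("ECB mean error rate:", mean_error_rate(MESSAGE, KEY, 1))
    hit = flip_bit(cbc, 64 + 5)
    print("CBC bit errors per block:", bit_errors(MESSAGE, cbc_decrypt(hit, KEY, IV)))
```

In the CBC run the same one-bit error garbles its own block and also flips exactly one bit of the following block, which is the error extension that ECB does not have.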


Currently, although some researchers feel 
that tensions between NSA and the research 
community have eased, others still consider 
that the prospect of NSA controls may dis¬ 
courage researchers, particularly academics, 
from pursuing problems related to cryptography.
The issue continues to simmer, particularly
because cryptography presents some
interesting mathematical problems. For example,
a controversy recently arose when the U.S.
Patent and Trademarks Office, at the request
of the U.S. Army, placed a secrecy order—
which the Army later requested be rescinded—
on a patent application filed by Israel's Weizmann
Institute. The patent application dealt
with an area of mathematics called "zero-knowledge
proof," pioneered by Silvio Micali
and colleagues at the Massachusetts Institute
of Technology, that is considered to hold great
promise for identification procedures ranging
from credit card verification to military "friend
or foe" recognition signals.⁹

Another controversy concerns NSA's decision
not to recertify DES when it comes up
for its 5-year review in 1987. NSA announced
in 1986 that it will continue to endorse cryptographic
products using DES until January
1, 1988, but not certify the DES algorithm or
new DES products after that date, except for
electronic funds transfer applications. However,
DES equipment and products endorsed
prior to January 1, 1988, may be sold and used
after that date. In justifying this decision,
NSA argues that DES has become too popular
and widespread in use, and thus too attractive
a target for adversaries seeking to crack
it. Some observers have expressed concern that
NSA's decision implies that DES is no longer
secure. However, NSA has stated that there
are no known security problems or risks involved
with the continued use of DES
equipment.¹⁰

Instead of recertifying DES, NSA plans to
provide and certify three classified algorithms.
The new algorithms will use tamper-protected,
integrated circuit modules directly in the products
of qualified vendors. This decision officially
affects only U.S. Government agencies
and contractors, but it may discourage others
from using DES except for electronic financial
transactions. The NSA plans affect
safeguard vendors in two major ways: first,
only selected U.S. vendors will be allowed to
purchase the modules for incorporation into
their products, and second, classified information
(and the need to handle and protect such
information) will be introduced into the product
design process.¹² Also, some industry
sources have expressed concern that the new
secret algorithms are of uncertain reliability
and will likely allow NSA itself to eavesdrop
on their communications.

⁹The invention was made by Adi Shamir, Amos Fiat, and
Uriel Feige. According to press accounts, the research had previously
been cleared by NSA's voluntary review process, and
NSA intervened to have the secrecy order reversed. The New
York Times, Feb. 17, 1987: "A New Approach to Protecting
Secrets Is Discovered," p. C1; and "Brief U.S. Suppression of
Proof Stirs Anger," p. C3.

¹⁰Harold Daniels, Jr., National Security Agency, letter
N/2338 to DataPro Research Corp., Dec. 23, 1985.

In any case, industry has certain needs, most
notably for easily exportable encryption devices
and software-based encryption, that the
new algorithms are unlikely to meet. Many
experts consider software-based encryption less
secure than hardware-based encryption, in part
because the key might be exposed during
encryption. Also, encryption using software is
much slower than that using hardware or
firmware devices. Nevertheless, some private
sector users prefer software because it is
inexpensive and compatible with their existing
equipment and operations. For instance, reader
surveys conducted by Security magazine in
1985 and 1986 found that about half of the
respondents stated that they used encryption
software.¹⁴

To date, there are no Federal software
encryption standards and NSA has stated that
it will not endorse software encryption
products. Also, the new encryption modules are not
exportable. NSA has not yet announced
whether it will provide exportable modules for
use by the private sector. Thus, the NSA
decision not to recertify DES has cast doubt on
the reliability of the algorithm without
providing a replacement that can meet the full range
of users' needs. Chapter 6 discusses Federal
policy in more detail.

¹¹ The Treasury Department has embarked on a major plan
using DES to authenticate electronic funds transfers. For these
applications, Treasury will certify the DES and DES-based
equipment. See ch. 5.

¹² S. Lipner, Digital Equipment Corp., personal communication
with OTA staff, Dec. 24, 1986. See ch. 5 for a description
of vendor eligibility requirements.

¹³ IEEE Subcommittee on Privacy, meeting at OTA, July 8,
1986.

¹⁴ These data were reported in: Kerrigan Lyndon, “Protecting
the Corporate Computer,” Security World, Oct. 1985, pp.
35-56; and Susan A. Whitehurst, “How Business Battles Computer
Crime,” Security, October 1986, pp. 54-60. Of the 1985
survey respondents, 48 percent reported using data encryption
software compared to only 19 percent reporting use of data
encryption hardware. Of the 1986 respondents, 47 percent reported
using encryption software; the percentage using encryption
hardware was not reported.

OTA's analysis suggests that there are certain
kinds of algorithms not widely available
that would substantially increase the range of
applications for which encryption would be useful.
These include algorithms that are very fast
(require little processing time), secure enough
to ensure confidentiality for relatively short
periods (e.g., days or months for financial
transactions, as opposed to years or decades for
defense and intelligence information), and easily
implemented in software, especially software
for microcomputers. In addition, because
of the widespread acceptance of DES for
unclassified information, some experts argue that
it would be fruitful to develop an improved
version of that algorithm that would lengthen the
key while using the same essential scheme.
However, the commercial market for cryptographic
safeguards is still new and small, and
it has thus far been dominated by DES.
Although a number of firms—mostly NSA
contractors or spinoffs of these—are reportedly
working on new encryption algorithms and
products for the commercial market,¹⁵ as of
early 1987 public-key systems are the only area
of encryption algorithm development in which
substantial nongovernment research and
development is evident. Developing a new algorithm
may take anywhere from 5 to 20 person-years,
so many firms—except, perhaps, large firms
that ordinarily devote such substantial
resources to long-term research and
development—may hesitate to invest in a new
cryptographic product for a market that, so far,
has been shaky.¹⁶


¹⁵ S. Lipner, Digital Equipment Corp., personal communication
with OTA staff, Dec. 24, 1986.

¹⁶ Peter Schweitzer and Whitfield Diffie, personal
communications with OTA staff, June 2, 1986.


Message Authentication 

An "authentic" message is one that is not
a replay of a previous message, has arrived
exactly as it was sent (without errors or
alterations), and comes from the stated source (not
forged or falsified by an imposter or
fraudulently altered by the recipient).¹⁷ Encryption
in itself does not automatically authenticate
a message. It protects against passive
eavesdropping automatically, but does not protect
against some forms of active attack.
Encryption can be used to authenticate messages,
however, and the DES algorithm is the most
widely used cryptographic basis for message
authentication.

As the use of electronic media for financial
and business transactions has proliferated,
message authentication techniques have
evolved from simple pencil-and-paper
calculations to sophisticated, dedicated hardware
processors capable of handling hundreds of
messages a minute. In general, the various
techniques can be grouped together according
to whether they are based on public or, at least
in part, on secret knowledge.

Public techniques share a common weakness:
they check against errors, but not against
malicious modifications. Therefore, fraudulent
messages might be accepted as genuine ones
because they are accompanied by "proper"
authentication parameters, based on information
that is not secret. Using secret parameters,
however, message authentication cannot
be forged unless the secret parameters are
compromised. A different secret parameter is
usually required for each sender-receiver pair. The
logistics for distributing this secret information
to the correct parties is analogous to key
distribution for encryption (see below).

¹⁷ For a thorough discussion of message authentication and
the various techniques used to authenticate messages, see
Davies & Price, Security for Computer Networks: An Introduction
to Data Security in Teleprocessing and Electronic Funds
Transfers, Ch. 5, (New York, NY: J. Wiley, 1984). The
descriptions of authentication techniques in this section follow Davies
& Price closely.

¹⁸ “Passive attack” is described as eavesdropping and “active
attack” as the falsification of data and transactions through
such means as: 1) alteration, deletion, or addition; 2) changing
the apparent origin of the message; 3) changing the actual
destination of the message; 4) altering the sequence of blocks of
data or items in the message; 5) replaying previously transmitted
or stored data to create a new false message; or 6) falsifying
an acknowledgment for a genuine message. See Davies & Price,
pp. 119-120.

If privacy as well as authentication is
required, one scheme for encrypting and
authenticating a message involves sequential use of
DES with two different secret keys: one to
calculate the authenticator (called the message
authentication code or MAC) and one to
encrypt the message. Even the use of a message
authentication code and encryption do not
safeguard against replay of messages or malice on
the part of one of the corresponding parties,
so various message sequence numbers, date
and time stamps, and other features are
usually incorporated into the text of the message.
Box C discusses the use of message
authentication in financial transactions. Figure 14
shows a data authentication code (synonymous
with message authentication code) based on
the DES algorithm.
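
The contrast drawn above between public and secret authentication parameters, and the role of sequence numbers against replay, shown as an added example that is not part of the original report. HMAC-SHA256 from the Python standard library stands in for the DES-based MAC the report describes; the key, the message layout, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import zlib

SHARED_KEY = b"constructed demo key"      # assumed secret held by one sender-receiver pair


def checksum(message: bytes) -> int:
    """Public technique: a CRC-32 that anyone who sees the message can recompute."""
    return zlib.crc32(message)


def checksum_accepts(message: bytes, check: int) -> bool:
    return checksum(message) == check


def mac(key: bytes, seq: int, message: bytes) -> bytes:
    """Secret technique: keyed code over the sequence number and the message text."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


class MacReceiver:
    """Accepts a message only if its MAC verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = 0

    def accept(self, seq: int, message: bytes, code: bytes) -> str:
        if not hmac.compare_digest(mac(self.key, seq, message), code):
            return "rejected: MAC mismatch"
        if seq <= self.highest_seq:
            return "rejected: replayed sequence number"
        self.highest_seq = seq
        return "accepted"


def run_demo() -> dict:
    sent = b"PAY 1000 USD TO ACCOUNT 12345"       # constructed sample transfer
    changed = b"PAY 9000 USD TO ACCOUNT 12345"    # the same transfer altered in transit
    out = {}

    # Public parameter: the original check catches the change, but a check recomputed
    # from the altered text (no secret needed) is accepted as "proper".
    out["checksum_original"] = checksum_accepts(sent, checksum(sent))
    out["checksum_changed_old_check"] = checksum_accepts(changed, checksum(sent))
    out["checksum_changed_new_check"] = checksum_accepts(changed, checksum(changed))

    # Secret parameter: without SHARED_KEY there is no valid code for the altered
    # text, so the receiver sees either the old code or one made with another key.
    rx = MacReceiver(SHARED_KEY)
    code1 = mac(SHARED_KEY, 1, sent)
    out["mac_original"] = rx.accept(1, sent, code1)
    out["mac_changed_old_code"] = rx.accept(1, changed, code1)
    out["mac_changed_other_key"] = rx.accept(2, changed, mac(b"some other key", 2, changed))

    # A verbatim copy of a genuine message still carries a valid code; only the
    # sequence number, which the code also covers, lets the receiver refuse it.
    out["mac_replay"] = rx.accept(1, sent, code1)
    out["mac_next"] = rx.accept(2, sent, mac(SHARED_KEY, 2, sent))
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:28} {result}")
```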


Box C.—Application of Message Authentication to Electronic Funds Transfer 

Developments in the banking industry provide a good example of how important information
should be safeguarded, both because of the large amounts of money involved and because of the
early use of new safeguard technology by segments of this industry.¹ Roughly $668 billion per day
was transferred over the FedWire and Clearing House Interbank Payment System (CHIPS)
networks alone in 1984, representing a 48 percent increase over 1980.² The fully-automated, online,
FedWire system handled 49.5 million domestic transactions in 1986, with an average value of $2.5
million each, for a total of $124.4 trillion. In the same year, CHIPS handled $125 trillion in domestic
and international payments for its member banks.³

During recent decades, the financial community has made increasing use of computer and
communications systems to automate these fund transfers and other transactions. Typically, the
computer systems of these financial institutions are interconnected with local and long distance public
and private communications networks, over which the bankers have only limited control over
potential fraud, theft, unauthorized monitoring, and other misuse. Their customers have an expectation
of privacy and banks have the obligation to restrict details of financial transactions to those who
need to know.

Wholesale and retail banking systems have somewhat different requirements for safeguards
for funds transferred electronically. Wholesale bankers' requirements include message
authentication and verification, as well as confidentiality of some communications; retail banking requirements
additionally include authentication of individual automatic teller machines, confidentiality of
customers' personal identification numbers, and communications security between the automatic tellers
and the host computer. These needs are in sharp contrast with those of the defense-intelligence
establishment, where confidentiality is the primary concern.

During the past decades, various technical methods have been adopted to reduce errors and
to prevent criminal abuse relating to electronic fund transfers. Among these are parity checks,
checksums, testwords, and pattern checks.⁴ Some of these methods are widely used in various banking
networks to verify that user inputs are correct and detect errors rather than protect against
criminal activity.


¹ Wholesale banking transactions are characterized by large dollar amounts per average transaction (e.g., about $3 million) and daily volumes
of transactions that number in the thousands or tens of thousands. Retail banking transaction amounts might average $50 and number
in the hundreds of thousands.

² “Electronic Funds Transfer Systems Fraud,” U.S. Department of Justice, Bureau of Justice Statistics, NCJ-100461, April 1986.

³ Information on FedWire and CHIPS from F. Young, Division of Federal Reserve Bank Operations, personal communication with OTA
staff, Feb. 12, 1987.

⁴ For a brief description of testwords (or test keys) in banking transactions, see M. Blake Greenlee, “Requirements for Key Management
Protocols in the Wholesale Financial Services Industry,” IEEE Communications Magazine, vol. 23, No. 9, September 1985,

One of the major, traditional drawbacks of encryption systems is that of key distribution. Each
pair of communicating locations generally requires a matched, unique set of keys or codes, which
have to be delivered in some way—usually by a trusted courier—to these users each time the keys
are changed. (An alternative is to use a prearranged code book, which can be compromised, as has
been well publicized in recent spy trials.) The key distribution problem rapidly becomes onerous
as the number of communicators increases.⁵ The discovery of the public-key algorithm, noted
earlier, may alleviate some of the key distribution problems—for example, to distribute the secret
keys to large networks of users.

In the late 1970s, the financial community was quick to realize the potential of the new
cryptographic-based message authentication codes as a replacement for testwords. These codes
allow major improvements in safeguards against both errors and intentional abuse, and facilitate
the potential of future transaction growth. Thus, this community has pioneered industrywide
technical standards both in the United States and worldwide.

The message authentication code is a cryptographically derived check sum based on processing
the electronic fund transfer message with the DES algorithm (called the Data Encryption Algorithm
in the financial services community) and a secret key.⁶ The sender calculates the code and appends
it to the message. The receiver calculates a code independently based on the same message, algorithm,
and secret key. Most new bank authentication systems in use or in planning utilize DES to calculate
the codes. If the code calculated by the receiver is identical to that sent with the message, then
there is a high level of assurance that the originator is authentic and that the content of the received
message is identical to that transmitted by the sender, with no alterations of any kind. Also, some
banks authenticate and encrypt their wholesale electronic fund transfers whenever practical and
in countries where encryption is legally permissible.⁷

⁵ The number of pairs of separate keys needed in a network of “n” communicators, each pair of which requires unique keys, is n(n-1)/2.
Thus, a network of 5 communicators requires 10 separate pairs of keys, while a network of 100 communicators requires 4,950 pairs of keys.
These numbers pale when considering that 10,000 banks send fund transfers worldwide, the largest of which have thousands of keying
relationships.

⁶ For a thorough discussion of the properties of message authentication techniques, see K.R. Jueneman, S.M. Matyas, and C.H. Meyer,
“Message Authentication,” IEEE Communications Magazine, vol. 23, No. 9, September 1985.

⁷ C. Helsing, Bank of America, personal communication with OTA staff, December 1986.


Public-Key Ciphers 

A symmetric cipher is an encryption method
using one key, known to both the sender and
receiver of a message, that is used both to
encrypt and decrypt the message. Obviously, the
strength of a symmetric cipher depends on
both parties keeping the key secret from
others. With DES, for example, the algorithm
is known, so revealing the encryption key
permits the message to be read by any third party.

An asymmetric cipher is an encryption
scheme using a pair of keys, one to encrypt
and a second to decrypt a message.¹⁹ A special
class of asymmetric ciphers are public-key
ciphers, in which the encrypting key need not
be kept secret to ensure a private
communication.²⁰ Rather, Party A can publicly announce
his or her encrypting key, PKA, allowing anyone
who wishes to communicate privately with
him or her to use it to encrypt a message. Party
A's decrypting key (SKA) is kept secret, so
that only A or someone else who has obtained

¹⁹ See Davies & Price, ch. 8, for a more complete discussion
of asymmetric and public-key ciphers. A discussion of the
underlying principles of public-key ciphers, including examples of the
RSA and knapsack algorithms, is given in Martin E. Hellman,
“The Mathematics of Public-Key Cryptography,” Scientific
American, vol. 241, No. 2, August 1979, pp. 146-157. A pictorial
example of the RSA public-key method can be found in
Understanding Computers/Computer Security (Alexandria,
VA: Time-Life Books, 1986), pp. 112-117.

²⁰ The public-key concept was first proposed by Whitfield
Diffie and Martin Hellman in their pathbreaking paper, “New
Directions in Cryptography,” IEEE Trans. Inform. Theory,
IT-22, 6, November 1976, pp. 644-654.

Figure 14.—Federal Standard for Authentication


The DAA Authentication Process 

A cryptographic Data Authentication Algorithm (DAA)
can protect against both accidental and intentional, but
unauthorized, data modification.

A Data Authentication Code (DAC) is generated by
applying the DAA to data as described in the following section.
The DAC, which is a mathematical function of both the data
and a cryptographic key, may then be stored or transmitted
with the data. When the integrity of the data is to be verified,
the DAC is generated on the current data and compared with
the previously generated DAC. If the two values are equal,
the integrity (i.e., authenticity) of the data is verified.

The DAA detects data modifications which occur
between the initial generation of the DAC and the validation
of the received DAC. It does not detect errors which occur
before the DAC is originally generated.

Generation of the DAC 

The Data Authentication Algorithm (DAA) makes use of
the Data Encryption Standard (DES) cryptographic algorithm
specified in FIPS PUB 46. The DES algorithm transforms (or
encrypts) 64-bit input vectors to 64-bit output vectors using
a cryptographic key. Let D be any 64-bit input vector and
assume a key has been selected. The 64-bit vector, O, which
is the output of the DES algorithm when DES is applied to
D, using the enciphering operation, is represented as follows.

O = e(D)

The data (e.g., record, file, message, or program) to be
authenticated is grouped into contiguous 64-bit blocks: D1,
D2, ..., Dn. If the number of data bits is not a multiple of 64,
then the final input block will be a partial block of data, left
justified, with zeros appended to form a full 64-bit block. The
calculation of the DAC is given by the following equations
where ⊕ represents the Exclusive-OR of two vectors.

O1 = e(D1)

O2 = e(D2 ⊕ O1)

O3 = e(D3 ⊕ O2)

...

On = e(Dn ⊕ On-1)

The DAC is selected from On. Devices which implement the
DAA shall be capable of selecting the leftmost M bits of On
as the DAC, where 16 ≤ M ≤ 64 and M is a multiple of 8.
A block diagram of the DAC generation is given below, along
with an example. The Cipher Block Chaining Mode (CBC) with
Initialization Vector (IV) = 0 and the 64-bit Cipher Feedback
Mode with IV = D1 and data equal to D2, D3, ..., Dn (see
FIPS PUB 81) both yield the required DAC calculation.

SOURCE: NBS FIPS Publication 113, May 30, 1985, pp. 3-6.


Block Diagram of the DAC Generation

[Block diagram; columns labeled Time 1, Time 2, ..., Time n-1, Time n]

D = Data Block    O = Output Block    K = DES Key
I = Input Block   DES = Data Encryption Standard   ⊕ = Exclusive-OR


An Example of the DAA

Cryptographic Key = 0123456789abcdef

The text is the ASCII code for “7654321 Now is the time for ”.
These 7-bit characters are written in hexadecimal notation
(0, b7, b6, ..., b1).

Text =
37363534333231204e6f77206973207468652074696d6520666f7220

TIME  PLAIN TEXT        DES INPUT BLOCK   DES OUTPUT BLOCK
1     3736353433323120  3736353433323120  21fb193693a16c28
2     4e6f772069732074  6f946e16fad24c5c  6c463f0cb7167a6f
3     68652074696d6520  04231f78de7b1f4f  956ee891e889d91e
4     666f722000000000  f3019ab1e889d91e  f1d30f6849312ca4

A 32-bit DAC = f1d30f68 is selected.
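
The DAC calculation of figure 14 carried out in code, as an added example that is not part of the original report or of FIPS PUB 113. It pairs a from-scratch DES (the standard FIPS PUB 46 tables, typed in here) with the zero padding, chaining, and leftmost-M-bits selection the figure describes; all function names are illustrative.

```python
# DES tables from FIPS PUB 46; bit 1 is the most significant bit of a value.
IP = [r - 8 * c for r in (58, 60, 62, 64, 57, 59, 61, 63) for c in range(8)]
FP = [IP.index(i) + 1 for i in range(1, 65)]            # inverse of IP
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
SBOX = [  # S1..S8, each written as four rows of 16 hex digits
    "e4d12fb83a6c5907" "0f74e2d1a6cb9538" "41e8d62bfc973a50" "fc8249175b3ea06d",
    "f18e6b34972dc05a" "3d47f28ec01a69b5" "0e7ba4d158c6932f" "d8a13f42b67c05e9",
    "a09e63f51dc7b428" "d709346a285ecbf1" "d6498f30b12c5ae7" "1ad069874fe3b52c",
    "7de3069a1285bc4f" "d8b56f03472c1ae9" "a690cb7df13e5284" "3f06a1d8945bc72e",
    "2c417ab6853fd0e9" "eb2c47d150fa3986" "421bad78f9c5630e" "b8c71e2d6f09a453",
    "c1af92680d34e75b" "af427c9561de0b38" "9ef528c3704a1db6" "432c95fabe17608d",
    "4b2ef08d3c975a61" "d0b7491ae35c2f86" "14bdc37eaf680592" "6bd814a7950fe23c",
    "d2846fb1a93e50c7" "1fd8a374c56b0e92" "7b419ce206adf358" "21e74a8dfc90356b",
]


def permute(value, table, width):
    """Build a new value from the bits of `value` (width bits) listed in `table`."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out


def subkeys(key):
    """Derive the sixteen 48-bit round keys from a 64-bit DES key."""
    cd = permute(key, PC1, 64)
    c, d = cd >> 28, cd & 0xFFFFFFF
    keys = []
    for shift in SHIFTS:
        c = ((c << shift) | (c >> (28 - shift))) & 0xFFFFFFF
        d = ((d << shift) | (d >> (28 - shift))) & 0xFFFFFFF
        keys.append(permute((c << 28) | d, PC2, 56))
    return keys


def feistel(half, round_key):
    """DES round function: expand, mix in the round key, S-boxes, permute."""
    x = permute(half, E, 32) ^ round_key
    out = 0
    for i in range(8):
        six = (x >> (42 - 6 * i)) & 0x3F
        row = ((six >> 4) & 2) | (six & 1)         # outer two bits select the row
        col = (six >> 1) & 0xF                     # inner four bits select the column
        out = (out << 4) | int(SBOX[i][16 * row + col], 16)
    return permute(out, P, 32)


def des_encrypt(block, keys):
    """The enciphering operation e(D) on one 64-bit block."""
    x = permute(block, IP, 64)
    left, right = x >> 32, x & 0xFFFFFFFF
    for k in keys:
        left, right = right, left ^ feistel(right, k)
    return permute((right << 32) | left, FP, 64)


def daa_trace(data: bytes, key: int):
    """Return (plain block, DES input block, DES output block) for each time step."""
    if not data:
        raise ValueError("no data to authenticate")
    keys = subkeys(key)
    padded = data + b"\x00" * (-len(data) % 8)     # partial final block, zeros appended
    rows, prev = [], 0                             # prev = 0 makes O1 = e(D1)
    for i in range(0, len(padded), 8):
        d = int.from_bytes(padded[i:i + 8], "big")
        out = des_encrypt(d ^ prev, keys)          # Oi = e(Di XOR Oi-1)
        rows.append((d, d ^ prev, out))
        prev = out
    return rows


def dac(data: bytes, key: int, m_bits: int = 32) -> str:
    """Leftmost M bits of On in hex; M is a multiple of 8 with 16 <= M <= 64."""
    if m_bits % 8 or not 16 <= m_bits <= 64:
        raise ValueError("M must be a multiple of 8 with 16 <= M <= 64")
    last_output = daa_trace(data, key)[-1][2]
    return format(last_output >> (64 - m_bits), "0%dx" % (m_bits // 4))


if __name__ == "__main__":
    KEY, TEXT = 0x0123456789ABCDEF, b"7654321 Now is the time for "   # figure 14 values
    for n, row in enumerate(daa_trace(TEXT, KEY), 1):
        print(n, *(f"{v:016x}" for v in row))
    print("32-bit DAC =", dac(TEXT, KEY))
```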


his or her decrypting key can easily convert
messages encrypted with PKA back into
plaintext.²¹ Knowing the public encrypting
key, even when the encrypted message is also
available, does not make computing the secret
decrypting key easy, so that in practice only
the authorized holder of the secret key can read
the encrypted message.

²¹ For A and B to have private two-way communication, two
pairs of keys are required: the “public” encryption keys
PKA and PKB, and the secret decryption keys SKA and SKB.


If the encrypting key is publicly known,
however, a properly encrypted message can come
from any source. There is no guarantee of its
authenticity. It is thus crucial that the public
encrypting key be authentic. An imposter
could publish his or her own public key, PKI,
and pretend it came from A in order to read
messages intended for A, which he or she could
intercept and then read using his or her own
SKI. Therefore, the strength of the public-key
cipher rests on the authenticity of the public
key. A variant of the system allows a sender
to authenticate messages by "signing" them
using an encrypting key, which (supposedly)
is known only to him or her. This very strong
means of authentication is discussed further
in the section on digital signatures below.

The RSA public key is one patented system
available for licensing from RSA Data
Security, Inc. It permits the use of digital
signatures to resolve disputes between a sender and
receiver. The RSA system is based on the
relative difficulty of finding two large prime
numbers, given their product. The recipient of the
message (and originator of the key pair) first
randomly selects two large prime numbers,
called p and q, which are kept secret. The
recipient then chooses another (odd) integer e,
which must pass a special mathematical test
based on the values of p and q. The product,
n, of p times q and the value of e are announced
as the public encryption key. Even though
their product is announced publicly, the prime
factors p and q are not readily obtained from
n. Therefore, revealing the product of p and
q does not compromise the secret key, which
is computed from the individual values of p
and q.²² Current implementations of the
cipher use keys with 200 or more decimal digits
in the published number N. A more complete
description of the RSA system, including a
discussion of its computational security, is given
in appendix D.

Figure 15 shows a simple illustrative example
of a public-key cipher based on the RSA
algorithm. This simplified example is based on
small prime numbers and decimal representations
of the alphabet. It is important to bear
in mind, however, that operational RSA
systems use much larger primes.

The RSA system was invented at the
Massachusetts Institute of Technology (MIT) in
1978 by Ronald Rivest, Adi Shamir, and
Leonard Adleman. The three inventors formed
RSA Data Security, Inc. in 1982 and obtained
an exclusive license for their invention from
MIT, which owns the patent. The firm has
developed proprietary software packages
implementing the RSA cipher on personal computer
networks. These packages, being sold commercially,
provide software-based communication
safeguards, including message authentication,
digital signatures, key management, and
encryption. The firm also sells safeguards for
data files and spread sheets transmitted
between work stations, electronic mail networks,
and locally stored files. The software will
encrypt American Standard Code for Information
Interchange (ASCII), binary, or other files
on IBM personal computers or compatible
machines, and runs on an IBM PC/AT at an
encryption rate of 3,500 bytes per second.

²² Certain special values of (p × q) can be factored easily—when
p and q are nearly equal, for instance. These special cases need
to be avoided in selecting suitable keys. Furthermore, it is
important to remember that this cipher system is no more secure
than the secrecy of the private key.

A number of public-key ciphers have been
devised by other industry and academic
researchers. Stanford University, for instance,
holds four cryptographic patents, potentially
covering a broad range of cryptographic and
digital signature applications. Some of these
patents have been licensed to various
companies for use in their products.²³

Digital Signatures 

Encryption or message authentication alone
can only safeguard a communication or
transaction against the actions of third parties. They
cannot fully protect one of the communicating
parties from fraudulent actions by the
other, such as forgery or repudiation of a
message or transaction. Nor can they resolve
contractual disputes between the two parties.
Paper-based systems have long depended on
letters of introduction for identification of the
parties, signatures for authenticating a letter
or contract, and sealed envelopes for privacy.
The contractual value of paper documents
hinges on the recognized legal validity of the
signature and the laws against forgery.

²³ The companies include the Harris Corp., Northern Telecom,
VISA, Public Key Systems, and Cylink. Lisa Kuuttila, Stanford
Office of Technology Licensing, personal communication
with OTA staff, Sept. 29, 1986.

Figure 15.—Public-Key Ciphers

This example is adapted from one used in Understanding Computers/Computer Security, © 1986 Time-Life Books, Inc.

A. Converting a message to numbers

Before a message can be encrypted by the public-key method, it must be blocked and each block assigned a numerical value. Blocks may vary
in size, from one character to several; and numerical values may be assigned in many ways, within constraints imposed by the system. In the
example used here, each character is treated as a block, and a simple number-assigning system is used: A = 1, B = 2, C = 3, D = 4, and
so on (table at top).


B. Creating user A's keys.

1. Each user has a public and a private key,
and each key has two parts. To create user
A's keys, two prime numbers, customarily
designated P and Q, are generated by an
operator at a central computer or key generation
center. (To qualify, a prime number
must pass a special mathematical test.)
Here, P is 7, Q is 17.

2. In this simplified example, the two
primes are multiplied, and the result—N—
will be the first part of both keys. N is 119.

3. Next, an odd number is chosen, in this
case, 5. (This number—designated E—must
also pass a special mathematical test.) It
forms the second part of the public key,
PKA.

4. To create the second part of the private
key, the numbers are multiplied: P minus 1
(6, in this case) times Q minus 1 (16) times
E minus 1 (4). The result is 384.

5. Next, 1 is added to the result of the
previous step, yielding 385.

6. The sum is divided by E (5). The result of
the division, 77 (designated D), is the second
part of SKA.

1. P = 7, Q = 17
2. 7 × 17 = 119 = N
3. E = 5
4. 6 × 16 × 4 = 384
5. 384 + 1 = 385
6. 385 ÷ 5 = 77 = D

At the end of the procedure user A has a
public key (119, 5) and a private key (119, 77).
In reality, these numbers would be many
digits long.


C. The arithmetic of locking and unlocking: the sender, user B, uses PKA to encrypt a message to user A.

The number 19, assigned to the letter S, is
raised to the fifth power (multiplied by itself
five times), as dictated by the second part
of PKA (5).

The result of 19 raised to the fifth
power—2,476,099—is divided by the first
part of PKA, the number 119.

The division yields the number 20,807 and a
remainder of 66. Only the remainder is
important. It is the value of the encrypted
letter S.

The next letter of the message, E, has the
assigned value 5. Using the second part of
PKA, this number is raised to the fifth
power.

The result of multiplying 5 by itself five
times—3,125—is divided by the other part
of PKA, 119.

The division yields the number 26 and a
remainder of 31. Again, only the remainder is
significant. It is the value of the encrypted
letter E.


D. The recipient, user A, uses his private key, SKA, to decrypt the message.

Decryption, using SKA, follows the same
steps. First, 66—the encrypted S—is raised
to the 77th power, as dictated by the second
part of the key, SKA.

The result of the previous step is divided by
119, the first part of SKA, which is identical
to the first part of user A's public key.

The remainder resulting from the division is
19—the original number assigned to the letter
S. Thus, the decryption of the first one-letter
block of the message is complete.

[Figure callout: the division yields 1069... and a remainder of 19 (numerical equivalent of S).]

The number 31—the encrypted letter E—is
raised to the 77th power, as dictated by the
second part of SKA.

The result of multiplying 31 by itself 77
times is divided by 119, the other part of
the private key SKA.

The remainder from the division is 5—the
original value assigned to the letter E. Each
letter block will be decrypted in the same
way.


SOURCE: Adapted from Computer Security (Alexandria, VA: Time-Life Books, 1986), pp. 112-115.

Figure 16.—Digital Signatures Using a Public-Key Cipher

This example uses the same key pair (PKA, SKA) generated for user A in figure 15. In this example, the sender (user B) uses his private key
(SKB) to “sign” a message intended for user A and then “seals” it by encrypting the message with user A's public key (PKA).



To begin the encryption technique called
signing, the value of the letter S (19) is
raised to the 27th power, as dictated by the
second part of SKB.

The result of raising 19 to the 27th power is
divided by 55, the first part of SKB.

The division yields a very large number,
which is disregarded, and a remainder of
24. This completes the signing process for
the letter S; only user B's public key PKB
can decrypt it.

[Figure callouts: 19 to the 27th power = 3360...; the division by 55 yields 6109... and a remainder of 24 (encrypted S).]

To seal the message for secrecy, the result
of the first encryption, 24 in this case, is
raised to the fifth power, as dictated by the
second part of the receiver's public key,
PKA.

The result of raising 24 to the fifth power is
divided by 119, the other part of PKA.

The division yields a number (disregarded)
and a remainder of 96—the twice-encrypted
S. It will be sent when the rest of the
message has undergone the same double
encryption.

[Figure callouts: 24 to the fifth power = 7962624; the division by 119 yields 66912 and a remainder of 96 (double-encrypted S).]

To decrypt a signed-and-sealed message,
user A raises the number 96—the
double-encrypted S—to the 77th power, as dictated
by one part of his private key, SKA.

The result of the previous step is divided by
119, the other part of SKA.

The division yields a very large number
(disregarded) and a remainder of 24—the cipher
imposed on the letter S by the sender's
private key, SKB.

To decrypt this digital signature, the
number 24 is raised to the third power, as
dictated by one part of the sender's public
key, PKB.

The result of raising 24 to the third power
is divided by 55, as determined by the other
part of PKB.

The division yields a number (disregarded)
and a remainder of 19—the numerical
equivalent assigned to the letter S by the
system. Performing the same steps on the
rest of the transmission reveals the
plaintext.


SOURCE: Adapted from Computer Security (Alexandria, VA: Time-Life Books, 1986), pp. 116-117.

Equivalent functions for electronic documents
can be provided by using an asymmetric
cipher, such as the RSA cipher, to create
a digital signature for a document.²⁴ This can
both authenticate their contents and also prove
who sent them because only one party is
presumed to know the secret information used to
create the signature. If privacy is required,
encryption can be used in addition to the digital
signature. However, the "proof" of the
signature hinges on the presumption that only one
party knows the secret signing key. If this
secret information is compromised, then the
proof fails.

The equivalent of a letter of introduction is
still necessary to verify that the correct
public key was used to check the digital
signature—an adversary might try to spoof the
signature system by substituting his or her own
public key and signature for the real author's.
This letter of introduction could be
accomplished by several means. The system offered
by RSA Data Security, Inc., provides "signed
key server certificates" by attaching the
corporation's own digital signature to its
customers' public keys. Thus, customers can attach
their certified public keys to the messages they
sign. Note that although a public-key cipher
system is used to set up the digital signature
system, the actual text of the message can be
sent in plaintext, if desired, or it can be
encrypted using DES or the public-key cipher.²⁵

²⁴ Other public-key ciphers using different one-way functions
could provide the mechanism for a form of digital signature;
however, none are commercially available at present. Also, it
is possible to use a symmetric cipher such as DES in an
asymmetric fashion—at least two signature functions of this type
have been described—but these functions are more inconvenient
to use than the RSA method and require more administrative
effort. See Davies & Price, ch. 9, for a general treatment of
digital signatures and alternative methods.

Figure 16 continues the simplified example 
in figure 15 to illustrate the digital signature 
technique. 


example, if the author wishes to keep the text of the 
message private, so that only the intended recipient can read 
it, he or she can encrypt the signed message, using the recipi¬ 
ent’s public key. Then, the recipient first uses his or her own 
secret key to decrypt the signed message and then uses the 
sender’s public key to check the signature. In practice, the RSA 
digital signature system is used to transmit a DES key for use 
in encrypting the text of a message because DES can be imple¬ 
mented in hardware and is much faster than using the RSA 
algorithm to encrypt text in software. 
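The figure 16 arithmetic and the "letter of introduction" check described above, as an added Python example that is not part of the original report. The public key (3, 55) and the values 19 and 24 come from the figure; the private exponent 27, the certifying authority's key pair, the substituted key pair, and the toy key encoding are assumptions constructed for illustration.

```python
"""Toy RSA signatures with the figure's letter numbering (A=1 ... Z=26)."""

# From the page: a signature is checked by cubing it and dividing by 55,
# and the letter S (19) carries the signature value 24.
AUTHOR_PUB = (3, 55)
# Assumption: 27 is the private exponent that pairs with 3 modulo 55
# (55 = 5 * 11, and 3 * 27 = 81 = 2 * 40 + 1).
AUTHOR_PRIV = (27, 55)

# Constructed for this example, not taken from the page.
CA_PUB, CA_PRIV = (17, 3233), (2753, 3233)        # certifying authority
IMPOSTOR_PUB, IMPOSTOR_PRIV = (3, 33), (7, 33)    # substituted key pair


def sign(text, priv):
    """Sign each letter: raise its number to the private exponent mod n."""
    d, n = priv
    return [pow(ord(ch) - 64, d, n) for ch in text]


def recover(signature, pub):
    """Undo a signature with the public key, as in the figure."""
    e, n = pub
    values = [pow(s, e, n) for s in signature]
    return "".join(chr(v + 64) if 1 <= v <= 26 else "?" for v in values)


def signature_ok(text, signature, pub):
    """The signature is good if it recovers exactly the text received."""
    return recover(signature, pub) == text


def encode_key(owner_id, pub):
    """Toy stand-in for hashing (owner, key); must stay below the CA modulus."""
    e, n = pub
    return owner_id * 1000 + e * 100 + n


def certify(owner_id, pub):
    """The authority attaches its own signature to a customer's public key."""
    d, n = CA_PRIV
    return pow(encode_key(owner_id, pub), d, n)


def certificate_ok(owner_id, pub, cert):
    """Check that the authority really vouched for this owner/key pairing."""
    e, n = CA_PUB
    return pow(cert, e, n) == encode_key(owner_id, pub)


def accept(owner_id, text, signature, pub, cert):
    """Verifier that insists on a certified key before trusting a signature."""
    return certificate_ok(owner_id, pub, cert) and signature_ok(text, signature, pub)


def demo():
    author_cert = certify(1, AUTHOR_PUB)          # owner 1 is the real author
    genuine = sign("SELL", AUTHOR_PRIV)
    forged = sign("HOLD", IMPOSTOR_PRIV)          # signed with the wrong key
    return {
        "letter_S_signature": sign("S", AUTHOR_PRIV),
        "genuine_verifies": signature_ok("SELL", genuine, AUTHOR_PUB),
        "altered_text_verifies": signature_ok("SELF", genuine, AUTHOR_PUB),
        # A verifier that trusts whatever key arrives with the message:
        "forgery_passes_uncertified": signature_ok("HOLD", forged, IMPOSTOR_PUB),
        # The same forgery, presented with the author's certificate:
        "forgery_passes_certified": accept(1, "HOLD", forged, IMPOSTOR_PUB, author_cert),
        "genuine_passes_certified": accept(1, "SELL", genuine, AUTHOR_PUB, author_cert),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A production system signs a hash of the message and of the certified key rather than individual letters or a packed integer; the small moduli here exist only to keep the numbers readable.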


NEW TECHNOLOGIES FOR PRIVATE AND SECURE TRANSACTIONS

The public-key and digital signature systems described above have important uses for key exchange and management, for authenticating messages and transactions, and for permitting enforceable "electronic contracts" to be made, including electronic purchase orders and other routine business transactions. Digital signatures might also be used in equally secure transaction systems that preserve the privacy of individuals. This would be accomplished by permitting transactions to be made pseudonymously (using digital signatures, which would correspond to digital pseudonyms that could differ for each type of transaction).²⁶ That is, transactions could be made without revealing the identity of the individual, yet at the same time making certain that each transaction is completed accurately and properly.

Digital signatures could prevent authorities from cross-matching data from different types of transactions or using computer profiling to identify individuals who have a particular pattern of transactions. Database matching is a technique that uses a computer to compare two or more databases to identify individuals in common (e.g., Federal employees who have defaulted on student loans). Computer profiling uses inductive logic to determine indicators of characteristics and/or behavior patterns that are related to the occurrence of certain behavior (e.g., developing a set of personal and transactional criteria that make up a profile of a drug courier).

²⁶ See, for example, David Chaum, "Security Without Identification: Transactions Systems To Make Big Brother Obsolete," Communications of the ACM, vol. 28, No. 10, October 1985.

Public-key systems make it possible to establish a new type of transaction system that protects individual privacy while maintaining the security of transactions made by individuals and organizations. This new system would create a security relationship between individuals and organizations in which an organization and the individuals it serves cooperatively provide mutual protection, allowing the parties to protect their own interests.

For example, instead of individuals using the same identification (e.g., Social Security numbers, which are now commonly used on drivers' licenses, insurance forms, employment records, tax and banking records, etc.), they would use a different account number or digital pseudonym with each organization they do business with. Individuals could create their pseudonyms, rather than have them issued by a central authority. A one-time pseudonym might even be created for certain types of transactions, such as retail purchases. Although individuals would be able to authenticate ownership of their pseudonyms and would be accountable for their use, the pseudonyms could not be traced by computer database matching.²⁸ On the other hand, the use of numerous digital pseudonyms might make it more complicated for individuals to check or review all their records.²⁹

A second difference is the ownership of the "tokens" used to make transactions. Currently, individuals are issued credentials, such as paper documents or magnetic stripe cards, to use in transactions with organizations. Moreover, the information contained on the electronic credentials is usually not directly reviewable or modifiable by the individual who uses it. In the scheme described above, individuals would own the transaction token and would control the information on it.

This system illustrates how technological developments and organizational changes can be used to mitigate potential erosions of privacy that could result from the widespread use of multi-purpose smart cards and computer profiling. However, while the technology and organizational infrastructures for the latter, at least, are already fairly well developed, the practical development of privacy systems is just beginning.³⁰

²⁷ For a further discussion of the implications of computer database matching and profiling, see the Office of Technology Assessment, Federal Government Information Technology: Electronic Record Systems and Individual Privacy, OTA-CIT-296 (Washington, DC: U.S. Government Printing Office, June 1986).

²⁸ A formal description of a "credential mechanism" for pseudonyms is given in David Chaum and Jan-Hendrik Evertse, "A Secure and Privacy-Protecting Protocol for Transmitting Personal Information Between Organizations," Advances in Cryptology: Proceedings of Crypto 86, A.M. Odlyzko (ed.), Springer-Verlag Lecture Notes in Computer Science, forthcoming, summer 1987.

²⁹ Chaum suggests using a card computer to manage this complexity while maintaining a convenient user interface. Personal communication with OTA staff, February 1987.

³⁰ The Center for Mathematics and Computer Science in Amsterdam has recently demonstrated a payment system and is working with European groups to develop trial systems. David Chaum, personal communication with OTA staff, February 1987.


KEY MANAGEMENT

Key management is fundamental and crucial to encryption-based communication and information safeguards. As an analogy, one might say that:

The safety of valuables in a locked box depends as much or more on the care with which the keys are treated than on the quality of the lock. It is useless to lock up valuables if the key is left lying around. The key may be stolen, or worse, it may be secretly duplicated and used at the thief's pleasure.³¹

Key management encompasses the generation of encrypting and decrypting keys as well as their storage, distribution, cataloging, and eventual destruction. These functions may be handled centrally, distributed among users, or by some combination of central and local key management. Also, key distribution can be handled through various techniques: by using couriers to distribute data-encrypting keys or master (key-encrypting) keys, for instance, or by distributing keys electronically using a public-key cipher. The relative merits of each mode of key management are subject to some debate.

For example, some technical experts, including those at NSA, argue that centralized key generation and distribution, perhaps performed electronically, efficiently ensures interoperability among different users and that relatively unsophisticated users do not inadvertently use any weak keys that may exist. NSA has stated that, for reasons of security and interoperability, it plans to control key generation for the new STU-III secure telephones (see ch. 5), including those purchased by private sector users. It is also likely that NSA will control key generation for equipment using its new encryption modules.

Some critics of this plan are concerned that NSA might be required—by secret court order, perhaps—to selectively retain certain users' keys in order to monitor their communications. Others express concerns that keying material may be exposed to potentially unreliable employees of NSA contractors. At the very least, the prospect of centralized NSA key generation has generated some public controversy.

³¹ This analogy from Lee Neuwirth: "A Comparison of Four Key Distribution Methods," Telecommunications (Technical Note), July 1986, pp. 110-115. For a detailed discussion of key distribution and key management schemes, also see ch. 6 of Davies & Price.


On the other hand, the National Bureau of Standards (NBS) operates on the assumption that each user organization should generate its own keys and manage its own key distribution center. In the United States, Federal standards for protecting unclassified information in Government computer systems have been developed by NBS,³² which has also worked cooperatively with private organizations such as the American Bankers Association (ABA) and the American National Standards Institute (ANSI). Additionally, ABA and ANSI have developed voluntary standards related to cryptography for data privacy and integrity, including key management. The International Organization for Standardization (ISO) has been developing international standards, often based on those of NBS and/or ANSI.³³ Standards of these types are intended to specify performance requirements (accountability for keys, assignment of liability) and interoperability requirements for communications among users.

According to some experts, it is technically possible to handle centralized key distribution so that the key-generating center cannot read users' messages. If this were done, it would provide efficient and authenticated key distribution without the potential for misuse by a centralized authority. However, whether NSA plans to use these techniques has not been made public.

In any event, a key distribution center of some sort is the most prominent feature of key management for multi-user applications. Such a center is needed to establish users' identities and supply them with the keys to be used for communications - usually, with "seed" keys used to establish individual session keys.

Even in a public-key system, the initial secret keys must be computed or distributed. NBS has developed a key notarization system that provides for authenticated distributed keys and other key management functions.³⁴ NBS had initiated a process for developing standards for public-key systems³⁵ but is no longer pursuing this activity.

The traditional means of key distribution—through couriers—is a time-consuming and expensive process that places the integrity of the keys, hence the security of the cipher system, in the hands of the courier(s). Courier-based key distribution is especially awkward when keys need to be changed frequently. Recently, public-key systems for key distribution have been made available allowing encryption keys (e.g., DES keys) to be securely transmitted over public networks—between personal computers over the public-switched telephone network, for example. There continue to be new developments in public-key cryptography research.³⁶

³² See, for example, Federal Information Processing Standards (FIPS) Publications FIPS PUB 81, 74, and 113 published by NBS.

³³ Branstad, Institute for Computer Science and Technology, National Bureau of Standards. Information about NBS and standards development from personal communication with OTA staff, Aug. 6, 1986. For a general discussion of security standards based on cryptography, see: Dennis K. Branstad and Miles E. Smid, "Integrity and Security Standards Based on Cryptography," Computers and Security, vol. 1, 1982, pp. 255-260.

³⁴ Branstad and Smid, op. cit., p. 258.

³⁵ Ibid., p. 259.

³⁶ S. Goldwasser, S. Micali, and R. Rivest, "A Digital Signature Scheme Secure Against Adaptive Chosen Message Attack," MIT Laboratory for Computer Science, Rev. Apr. 23, 1986.


To date, the best-known commercial offering of a public-key system to secure key distribution (or other electronic mail or data transfers) is by RSA Data Security, Inc. Other public-key systems have been developed, some earlier than RSA, but to date none have yet gained wide commercial acceptance. Although RSA initially attempted to implement its algorithm in hardware, their first successful commercial offerings, introduced in 1986, use software encryption. The Lotus Development Corp., one of the largest independent software companies, has licensed the RSA patent for use in future products. RSA Data Security has also licensed the patent to numerous large and small firms and to universities engaged in research, as well as to some Federal agencies, including the U.S. Navy and the Department of Labor.³⁷ A new hardware implementation of several public-key ciphers (including RSA and the SEEK cipher) was offered commercially in 1986. The chip, developed by Cylink, Inc., will be used in Cylink's own data encryption products and is available to other vendors who wish to use it.³⁸

³⁷ Letter to OTA staff from Jim Bidzos, RSA Data Security, Inc., Feb. 19, 1987.

³⁸ See "Cypher Chip Makes Key Distribution A Snap," Electronics, Aug. 7, 1986, pp. 30-31.


VOICE AND DATA COMMUNICATIONS ENCRYPTION DEVICES

A number of commercial products, in the form of hardware devices or software packages, are available to encrypt voice and data communications. Software-based encryption is slower than hardware encryption and many security experts consider it to be relatively insecure (because, among other reasons, the encryption keys may be 'exposed' in the computer operations). Still, some commercial users prefer software encryption because it is relatively inexpensive, does not require additional hardware to be integrated into their operations, and is compatible with their existing equipment and operations. However, this section will deal only with hardware products, in large part because only hardware products have been certified for Government use.

Since 1977, NBS has validated 28 different hardware implementations of the DES algorithm (in semiconductor chips or firmware), but NBS does not validate vendors' software implementations of the algorithm. In 1982, the General Services Administration (GSA) issued Federal Standard 1027, "Telecommunications: Interoperability and Security Requirements for Use of the DES, in the Physical Layer of Data Communications." At present, equipment purchased by Federal agencies to protect unclassified information must meet FS 1027 specifications; vendors may submit products built using validated DES chips or firmware to NSA for FS 1027 certification. NSA has a DES endorsement program to certify products for government use, but plans to discontinue this program on January 1, 1988. As stated earlier in this chapter, DES products endorsed prior to this date can be used indefinitely.³⁹

Hardware encryption products use special semiconductor or firmware devices to implement one or more encryption algorithms. On-line encryption (in which data is encrypted as it is transmitted and decrypted as it is received, as opposed to off-line encryption in which plaintext is first encrypted and then stored for later transmission) can be implemented in two ways. In the first method, called end-to-end encryption, synchronized encryption/decryption devices at the source and destination operate so that the transmitted information is encrypted and remains in its encrypted form throughout the entire communications path. In the second method, called link encryption, the transmitted information is also encrypted at the source, and decrypted and then reencrypted at each intermediate communications node between the source and the ultimate destination. Thus, the information is encrypted, decrypted, and reencrypted as it traverses each link along its communications path.

By late 1986, the market research firm DataPro listed about 30 vendors that were marketing commercial encryption equipment, using the DES and/or proprietary algorithms, and operating at low or high data rates (depending on the product and vendor, encryption data rates can range from about 100 bits per second up to 7 million bits per second). These vendors offer 40 or more commercial products or families of products, mostly for data encryption, although a few vendors offer products for voice encryption. Some vendors specialize in encryption-only products, while others are data communications service (turnkey) providers offering encryption products complementing the rest of their product line. Published prices range from $500 to several thousand dollars per unit, depending on data rate and other features.

³⁹ Harold E. Daniels, Jr., Deputy Director for Information Security, NSA, enclosure 3, page 4 in letter S-0033-87 to OTA, Feb. 12, 1987.

PERSONAL IDENTIFICATION AND USER VERIFICATION

Background

User verification measures aim to ensure that those who gain access to a computer or network are authorized to use that computer or network. Personal identification techniques are used to strengthen user verification by increasing the assurance the person is actually the authorized user.⁴⁰

User verification techniques typically employ a combination of (usually two) criteria, such as something an individual has, knows, or is. Until recently, the "has" has tended to be a coded card or token, which could be lost, stolen, or given away and used by an unauthorized individual; the "knows" a memorized password or personal identification number, which could be forgotten, stolen, or divulged to another; and the "is" a photo badge or signature, which could be forged. Cards and tokens also face the problem of counterfeiting.

Now, new technologies and microelectronics, which are harder to counterfeit, are emerging to overcome the shortcomings of the earlier user verification methods. At the same time, these new techniques are merging the has, knows, or is criteria, so that one, two, or all three of these can be used as the situation dictates. Microelectronics can make the new user verification methods compact and portable. Electronic smart cards, for example, now carry prerecorded, usually encrypted, access control information that must be compared with data that the proper authorized user is required to provide, such as a memorized personal identification number or biometric data like a fingerprint or retinal scan.

Merging the criteria serves to authenticate the individual to his or her card or token and only then to the protected computer or network. This can increase security since, for example, one's biometric characteristics cannot easily be given away, lost, or stolen. Moreover, biometrics permit automation of the personal identification/user verification process.

⁴⁰ Purists will that the "personal identification" systems in common use do not actually identify a person, rather they recognize a user based on pre-enrolled characteristics. The term "identification" is commonly used in the industry, however.

While false acceptances and false rejections can occur with any identification method, each technique has its own range of capabilities and attributes: accuracy, reliability, throughput rate, user acceptance, and cost. As with other security technologies, selecting an appropriate system often involves trade-offs. For one thing, elaborate, very accurate technical safeguards are ineffective if users resist them or if they impede business functions. The cost and perceived intrusiveness of a retina scanner might be acceptable in a high-security defense facility, for example, but a relatively low-security site like a college cafeteria might sacrifice high reliability for the lower cost, higher throughput rate, and higher user acceptance of a hand geometry reader. In banking, where user acceptance is extremely important, signature dynamics might be the technology of choice. In retail sales, a high throughput rate is extremely important and slower devices would not be acceptable.

Access control technologies will evolve for niche markets. Successful commercial products for the defense and civilian niches will look very different. As of early 1987, there were no specific performance standards for most of these user verification technologies, but it is likely that these will be developed. One incentive for the development of access control standards, at least for the Government market, is the access control objectives specified in the so-called "Orange Book."⁴¹ The development of user verification technologies, however, is being driven significantly by commercial needs. In the area of biometrics, vendors have formed an industry association. The International Biometrics Association is beginning to address industry issues including performance and interface standards and testing and has a standing committee on standards and technical support.

In short, the new access control technologies are moving toward the ideal of absolute personal accountability for users by irrefutably tying access and transactions to a particular individual. Some enthusiasts and industry experts foresee great and pervasive applications for some of the access control technologies, even to their evolution into nonsecurity applications, such as multiple-application smart cards (see above). However, a given set of access control technologies cannot, in themselves, fix security problems "once and for all." Changes in information and communication system infrastructures can eventually undermine previously effective safeguards. Therefore, safeguards have a life cycle. It is the combination of attributes, of the safeguard technique, and of the system it seeks to protect that determines the useful life of a safeguard.

⁴¹ Department of Defense Trusted Computer System Evaluation Criteria, Department of Defense Standard DOD 5200.28-STD, December 1985. Section 7.4 of the Orange Book specifies that individual accountability must be ensured whenever classified or sensitive information is processed. This objective encompasses the use of user verification, access control software, and audit trails.

Conventional Access Controls

Password-Based Access Controls


The earliest and most common forms of user verification are the password or password-based access controls. The problem is that passwords can be stolen, compromised, or intentionally disclosed to unauthorized parties. In addition, trivial passwords can easily be guessed and even nontrivial ones can be broken by repeated attack.⁴² Once stolen or compromised, passwords can be disclosed widely or even posted on electronic bulletin boards, resulting in broad exposure of a system to unauthorized access. If operating system security is poor, one user who unilaterally compromises his or her own password can compromise the whole system. An even more serious weakness is that, because there may be no tangible evidence of a security breach, a compromised password can be misused over and over until either the password is routinely changed, its compromise is discovered, or other events occur (e.g., data are lost or fraudulently changed). To avoid some of these problems, many modern systems use special procedures to frustrate repeated incorrect attempts to log on.

Until the last decade or so all access points to computer systems could be physically identified, which simplified the system administrator's job of controlling access from them. In addition, users could be easily defined and their terminals had limited capabilities. A network of this type is shown in figure 17.

Now, new network configurations have emerged, characterized by personal computers linked to local area networks and connected by fixed and/or public switched telephone lines, as shown in figure 18. Users can readily extend the network by connecting modems to personal computers for pass-through access.

As a result, it is no longer possible to identify all access points. Communication nodes are no longer controlled exclusively by the organization when, for example, authorized users need to gain access from remote locations. While pass-through techniques facilitate access by authorized users, they can also be misused. For example, under some circumstances they can be used to defeat even such security techniques as call-back modems. With the increased number of network access points, the intrinsic weaknesses of the password further exacerbate the system's vulnerabilities.

⁴² Common password misuses include sharing one's password with other users (including friends or co-workers), writing down the "secret" series of letters or numbers for reference and storing it in an unsecure place (examples of this abound, including writing passwords or identification numbers on the terminals themselves or on desk blotters, calendars, etc., or storing them in wallets or desk drawers), and permitting others to see the log-on/authorization code being keyed in at the terminal. Some password schemes allow users to select their own passwords; while this increases the secrecy of the passwords because they are known only by the users, trivial password choices can reduce security if the passwords are easy to guess (examples of trivial passwords would be a pet name, a birthdate, or license plate number).

Token-Based Access Controls

Network evolution, therefore, has made user identification and authentication even more critical. Some of the new access-control technologies can see through the communications network to the end user to authenticate him or her—at least as the "holder" of the proper token—regardless of his or her physical location. Within the limitations of current technology, token-based systems are best used in combination with a memorized password or personal identification number identifying the user to the token.

In contrast to the password, token-based systems offer significantly greater resistance to a number of threats against the password system. Many token-based systems are commercially available. By December 1986, two of these had been evaluated by NSA's National Computer Security Center (NCSC) and approved for use with the access control software packages on NCSC's Evaluated Products List. (See ch. 5 for a discussion of NSA's programs.)

Token-based systems do much to eliminate the threat of external hackers. Under the token-based system, the password has become a one-time numeric response to a random challenge. The individual's memorized personal identification number or password to the token itself may be trivial, but the external hacker will ordinarily not have physical access to the device, which is usually designed to be tamper-resistant and difficult to counterfeit.

Figure 17.—A Description of the Past Network Environment

In the past network environment, control of all network resources resided with systems professionals. Typically, fixed-function terminals were direct-connected to the mainframe or a terminal controller. The communications parameters were specified through tables in the network control program (NCP), also under the direction of the systems group. As a result, the network was totally under the custodianship of systems professionals.

SOURCE: Ernst & Whinney, prepared under contract to OTA, November 1986.

Figure 18.—A Description of the Current/Future Network Environment

In the current/future network environment, systems professionals still control direct connection to the mainframe. Through the network control program (NCP), they maintain the communications parameters that control the access through the devices directly connected to the mainframe. However, the nature of these devices is changing dramatically. Instead of fixed-function terminals, they now consist of departmental minicomputers, local area network (LAN) gateways, and personal computers. All of these devices have the capability to expand the network beyond the scope of mainframe control. This environment invalidates many of the premises upon which conventional access control mechanisms, such as passwords and call-back modems, were based.

SOURCE: Ernst & Whinney, prepared under contract to OTA, November 1986.

Hackers also have been known to make repeated tries at guessing passwords, or make use of overseen, stolen, or borrowed passwords. Repeated attack of the password to the host is also thwarted because this password is a random number and/or an encryption-based, one-time response from the token. The one-time nature of the host password also eliminates its compromise through observation, open display, or any form of electronic monitoring. As soon as a response is used, it becomes invalid. A subsequent access request will result in a different challenge from the host and a different required response from the token. An individual user can still unilaterally compromise the authentication process by giving away his or her token and memorized identification number. However, in this case, that individual no longer has access. In this way, the loss of a token serves as a warning that authentication may be compromised.

The see-through token (figure 19), used with a password, is an active device requiring complementary user action. Systems of this type currently on the market do not physically connect to a terminal, but instead provide a one-time user password for each access session. Tamper-proof electronics safeguard against reverse engineering or lost or stolen tokens. Some versions of these devices can challenge the host, effectively countering attempts at spoofing.

Two types of see-through tokens are currently available from several vendors: automatic password generators, synchronized with the host, and challenge/response devices, using numerical key pads or optical character readers. According to some security consultants, these see-through techniques will be commonplace by the 1990s.⁴³

Figure 19.—The Mechanics of See-Through Security

[Diagram label: AUTHENTICATION DEVICE]

Typical flow of events in a see-through security authentication session

1. User requests access to host through terminal or PC; enters user ID.

2. Host calculates random number (challenge) and transmits it to terminal.

3. User identifies himself to authentication device by entering Personal Identification Number (PIN), or through biometric identification.

4. User enters challenge from host into authentication device. Device uses the security algorithm and the user seed (both in device memory and inaccessible to the user) to calculate a numeric response.

5. User sends numeric response to host via the terminal.

6. Host calculates a response using the same challenge number, the security algorithm, and the user's seed from the security database. Host compares its response to user response, and grants or denies access.

SOURCE: Ernst & Whinney, prepared under contract to OTA, November 1986.

Incorporating biometrics into these techniques
will produce powerful safeguards, but
there are associated risks. If biometric templates
or data streams containing biometric
information are compromised, the implications
can be quite serious for the affected individuals
because the particular measurements become
invalid as identifiers. These risks can be
minimized by properly designing the system
so that biometric data are not stored in a central
file or transmitted during the user verification
procedure (as they would be in a host-based
lookup mode). For many, therefore, the
preferred operation for biometrics would be in
a stand-alone mode, with the user carrying a
biometric template in a token (like a smart
card). However, tokens can be lost or stolen,
and placing the biometric template on the token
removes it from direct control by system
security personnel. For these reasons, some installations,
especially very high-security facilities
using secure computer operating systems,
may prefer host-based modes of operation. Figure
20 illustrates the differences between host-based
and stand-alone modes for biometrics.
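
The six-step exchange of Figure 19, which the stand-alone configuration of Figure 20 reuses with a biometric unlock in place of the PIN, written out as an added Python example (not code from the report or from any vendor). HMAC-SHA256 stands in for the unnamed security algorithm, and the class names, the 8-digit lengths, and the three-try PIN lockout are assumptions.

```python
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8  # assumed length of the numeric challenge and response


def compute_response(seed: bytes, challenge: str) -> str:
    """Shared 'security algorithm' used by device and host (steps 4 and 6).

    HMAC-SHA256 is an assumed stand-in; the report does not name the algorithm.
    """
    digest = hmac.new(seed, challenge.encode(), hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10**RESPONSE_DIGITS
    return str(number).zfill(RESPONSE_DIGITS)


class Token:
    """See-through device: the seed never leaves it, and a PIN unlocks it."""

    def __init__(self, seed: bytes, pin: str, max_pin_failures: int = 3):
        self._seed = seed              # inaccessible to the user on a real device
        self._pin = pin.encode()
        self._failures = 0
        self._max_pin_failures = max_pin_failures

    @property
    def locked(self) -> bool:
        return self._failures >= self._max_pin_failures

    def respond(self, pin: str, challenge: str) -> str:
        # Step 3: the user identifies himself to the device.
        if self.locked:
            raise PermissionError("token locked after repeated wrong PINs")
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._failures += 1
            raise PermissionError("wrong PIN")
        self._failures = 0
        # Step 4: challenge in, numeric response out.
        return compute_response(self._seed, challenge)


class Host:
    """Host side: security database of seeds plus one outstanding challenge per ID."""

    def __init__(self):
        self._seeds = {}    # user ID -> seed (the "security database")
        self._pending = {}  # user ID -> challenge awaiting a response

    def enroll(self, user_id: str) -> bytes:
        seed = secrets.token_bytes(32)
        self._seeds[user_id] = seed
        return seed  # loaded into the user's token at issue time

    def request_access(self, user_id: str) -> str:
        # Steps 1-2: a fresh random challenge for every request. One is issued
        # even for an unknown ID so the reply does not reveal which IDs exist.
        challenge = f"{secrets.randbelow(10**RESPONSE_DIGITS):0{RESPONSE_DIGITS}d}"
        self._pending[user_id] = challenge
        return challenge

    def verify(self, user_id: str, response: str) -> bool:
        # Steps 5-6: pop() makes the challenge single-use, so a response that
        # was observed on the line is invalid as soon as it has been used.
        challenge = self._pending.pop(user_id, None)
        seed = self._seeds.get(user_id)
        if challenge is None or seed is None:
            return False
        expected = compute_response(seed, challenge)
        return hmac.compare_digest(expected.encode(), response.encode())


def demo() -> dict:
    """One full session followed by a replay of the same response."""
    host = Host()
    token = Token(host.enroll("alice"), pin="4821")  # constructed sample user
    challenge = host.request_access("alice")
    response = token.respond("4821", challenge)
    first = host.verify("alice", response)
    replay = host.verify("alice", response)
    return {"first": first, "replay": replay}


if __name__ == "__main__":
    print(demo())
```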

Biometric and Behavioral 
Identification Systems 

There are three major classes of biometric-based
identification systems that are commercially
available for user verification and access
control. Since each of these systems is based
on a different biometric principle, they vary
widely in their technologies, operation, accuracy,
and potential range of applications.
The three classes are based on scans of retinal
blood vessels in the eye, hand geometry,
and fingerprint identification. In addition,
there are currently three classes of physiological-behavioral
identification systems based
on voice identification, keystroke rhythm, and
signature dynamics. Most systems incorporate
adaptive algorithms to track slow variations
in users' physical or behavioral characteristics.
Although these adaptive features reduce the
rate of false rejections, some can be exploited
by imposters. Most systems also allow the preset
factory threshold levels for acceptance and
rejection to be adjusted by the user. Tables
5 and 6 illustrate some of the characteristics
of biometric and behavioral technologies.

Robert G. Anderson, David C. Clark, and David R. Wilson,
"See-Through Security," MIS Week, Apr. 7, 1986.

According to Personal Identification News, February 1987,
a patent has been issued for another type of eye system based
on measurements of the iris and pupil (Leonard Flom and Aron
Safir, U.S. Patent 4,641,349, Feb. 3, 1987).

Biometrics is currently in a state of flux:
technologies are advancing rapidly, firms are
entering and leaving the marketplace, and new
products are being tested and introduced.
These technologies are being developed and
marketed by a relatively large group of firms—
28 at the end of 1986—some are backed by venture
capital, and some are divisions of large
multinational corporations. Many other companies
were doing preliminary work in biometric
or behavioral techniques. Therefore, these
tables and the following discussions of biometric
identification systems represent only a
snapshot of the field.

There is evidence of growing interest in biometrics
on the part of some Federal agencies.
According to Personal Identification News, defense
and intelligence agencies conducted more
than 10 biometric product evaluations in
1986.

Retina Blood Vessels 

Retina-scanning technology for personal
identification is based on the fact that the pattern
of blood vessels in the retina is unique for
each individual. No two people, not even identical
twins, have exactly the same retinal vascular
patterns. These patterns are very stable
personal characteristics, altered only by serious
physical injury or a small number of diseases,
and are thus quite reliable for biometric
identification. Factors such as dust, grease,


Personal Identification News, January 1987, p. 2.

Figure 20.—Biometric Identification Configuration Alternatives: Host-Based v. Stand-Alone

HOST-BASED BIOMETRICS

PATH OF BIOMETRIC INFORMATION

Description of authentication session

The user requests host access through the terminal, and enters his user ID. The host requests biometric authentication. The user enters the biometric information into the biometric device. The biometric data is transmitted to the host, where it is compared with the biometric data on file in the biometric datafile. Access is granted or denied.

Pros:

The user can gain access through any biometric device connected to the appropriate host. The device can be associated with terminals instead of users. An organization may require fewer devices in this mode, and the devices do not need to be portable.

Cons:

The biometric information can be compromised in transmission or storage. Encrypted information can be diverted and attacked cryptologically.


STAND-ALONE BIOMETRICS

PATH OF BIOMETRIC INFORMATION

Description of authentication session

The user requests host access through the terminal, and enters his user ID. The host calculates a random challenge and sends the challenge to the user terminal. The user identifies himself to the biometric see-through device through biometric input. The user then enters the random challenge into the device. The device calculates a response based on the algorithm and the user's algorithm seed. The user enters the response into the terminal for transmission to the host. The host performs the same calculations, obtaining the user's algorithm seed from the algorithm seed data file, and compares the responses. Access is granted or denied.

Pros:

No transmission or remote storage of the biometric information is required; the information is only maintained locally in the device itself. Also, the device does not need to be designed for connection to any particular terminal.

Cons:

Individual biometric devices are needed for each user, and the devices must be portable. This could result in an expensive implementation. Also, administrative issues may be more difficult to resolve in the stand-alone configuration. For example, a device malfunction may result in access denied to a user; in the host-based configuration, the user would gain access through an alternate device.

SOURCE: Ernst & Whinney, prepared under contract to OTA, November 1986.






Table 5.—Major Characteristics of Automated Biometric Identification Types

Stability of measure (period)
    Eye retinal: Life
    Finger print: Life
    Hand geometry: Years
    Voice: Years
    Keystroke: Variable
    Signature: Variable

Claimed odds of accepting an imposter (technically achievable without a high rate of false rejections)
    Eye retinal: 1 in billions
    Finger print: 1 in millions
    Hand geometry: 1 in thousands
    Voice: 1 in thousands
    Keystroke: 1 in a thousand
    Signature: 1 in hundreds

Ease of physical damage - sources of environmentally caused false rejects
    Eye retinal: Difficult - a few diseases
    Finger print: Happens - cuts, dirt, burns
    Hand geometry: Happens - rings, swollen fingers or joints, sprains
    Voice: Happens - colds, allergies, stress
    Keystroke: Happens - emotions, fatigue, learning curve for device
    Signature: Happens - stress, position of device

Perceived intrusiveness of measure
    Eye retinal: Extreme to a small portion of population
    Finger print: Somewhat
    Hand geometry: Modest
    Voice: Modest
    Keystroke: None
    Signature: Modest

Privacy concerns; surreptitious use of measure
    Eye retinal: Not feasible to do a scan surreptitiously
    Finger print: Data base can be compared to law enforcement files
    Hand geometry: Not a problem
    Voice: Measurement can be transparent to user
    Keystroke: Measurement can be transparent to user
    Signature: Behavior is already recognized as an ID function

Intrapersonal variation (chance of a false rejection, given training and experience in use)
    Eye retinal: Low
    Finger print: Low
    Hand geometry: Low
    Voice: Moderate
    Keystroke: Moderate
    Signature: Moderate

Size of data template on current units
    Eye retinal: 35 bytes
    Finger print: Several hundred to several thousand bytes
    Hand geometry: 18 bytes to several hundred bytes
    Voice: Several hundred bytes
    Keystroke: Several hundred bytes
    Signature: 50 bytes to several hundred bytes

Throughput time (note: level of security affects processing time)
    Eye retinal: 2 to 3 seconds
    Finger print: 4 to 5 seconds
    Hand geometry: 3 to 4 seconds
    Voice: 3 to 5 seconds
    Keystroke: Continuous process
    Signature: 2 to 5 seconds

Cost range of products on the market (depends on configuration)
    Eye retinal: $6,000 to $10,000
    Finger print: $3,500 to $10,000
    Hand geometry: $2,800 to $8,000
    Voice: $1,500 to $5,000 per door
    Keystroke: $250 per terminal and up
    Signature: $850 to $3,500

Development goal for cost per workstation (by 1990)
    Eye retinal: $2,000
    Finger print: $2,000
    Hand geometry: $100 to $1,000
    Voice: $100 to $250
    Keystroke: $100-$750
    Signature: $300 to $500

Approximate number of patents outstanding
    Eye retinal: Less than 10
    Finger print: 50
    Hand geometry: 30
    Voice: 20 plus
    Keystroke: Less than 10
    Signature: 100

Approximate number of firms in market with products or prototypes as of summer 1986 (number with prototypes in parentheses)
    Eye retinal: 1 (0)
    Finger print: LO no
    Hand geometry: 2 (4)
    Voice: 2 (4)
    Keystroke: 1 (1)
    Signature: 3 (4)

NOTE: Other biometric PIDs under development include wrist vein, full-face, brainwave, skin oil, and weight/gait devices.
SOURCE: Benjamin Miller, prepared under contract to OTA, October 1986. Data updated as of April 1987.


Table 6.—Configurations and Applications of Biometric Devices

Configurations
    Off-line (reference templates stored): In device; On mag stripe; On I.C. card
    On-line: Host data base
Applications: Physical security; Computer security; Law enforcement; Financial transaction

Eye/retina: U — B U U B B —
Fingerprint: D — U U U U D
Hand geometry: B U “ U U “ —
Voice: D — D U U B — D
Keystroke dynamics: B — B B — D
Signature: D U B U U U — B

U = In regular use by industry or Government
B = In Beta test use by industry or Government
D = In Development

SOURCE: Benjamin Miller, prepared under contract to OTA, October 1986. Data updated as of April 1987.


and perspiration that can make fingerprint
techniques difficult do not affect retinal scanning,
and injuries to the hand or fingers are
more common than severe eye injuries.

At present, only one firm produces a retina-scanning
identification device. One of its current
models, mainly used for physical access
control, was introduced in September 1984.
Subjects look into an eyepiece, focus on a visual
alignment target, and push a button to initiate
the scan (done using low-intensity infrared
light). The retinal pattern scanned is compared
with a stored template and identification is
based on a score that can range from -1 to
+1, depending on the degree of match. A new,
low-cost version, introduced at the end of 1986,
uses a hand-held unit (the size of a large paperback
book). It is intended for controlling access
to computer terminals.

Potential applications are varied, but early
purchasers are using the system for a range
of uses, from physical access control to employee
time-and-attendance reporting. Installations
for physical access control have included
a national laboratory, banks, a state
prison, office buildings, and hospital pharmacy
centers. According to the trade press, 300 units
of the system had been shipped to end-users,
original equipment manufacturers, and dealers
by early 1986. Some overseas users are also
beginning to order the systems.


Personal Identification News, April 1986. 


While retina scanning is fast, accurate, and
easy to use, anecdotal reports suggest that the
technique is perceived as being personally more
intrusive than other biometric methods. Nevertheless,
at the end of 1986, retinal technology
accounted for the largest installed base of biometric
units.

Hand Geometry 

Several techniques for personal identification
using aspects of hand geometry were under
development or in production as of early 1986.
First developed in the 1970s, more than 200
hand geometry devices are in use nationwide.

The oldest hand geometry technique was
based on the length of fingers and the thickness
and curvature of the webbing between
them. Other techniques use the size and proportions
of the hand or the distances between the
joints of the fingers, infrared hand topography,
palm print and crease geometry, or transverse
hand geometry (viewing the sides of the
fingers to measure hand thickness as well as
shape). Some of these techniques combine the
biometric measurement with a personal identification
number. The biggest measurement
problems with these devices involve people
who wear rings on their fingers or whose
fingers are stubbed or swollen.

The use of hand geometry systems was
limited initially to high-security installations
because of the cost and physical size of the
equipment. However, technological advances
have lowered equipment cost and size, thus extending
the market to medium-security facilities,
such as banks, private vaults, university
food services, and military paycheck disbursing.
According to vendors, users include insurance
companies, a jai alai facility, engineering
firms, and corporate offices. At the same time,
more sophisticated systems being developed
for high-security areas, such as military and
weapons facilities, use a television camera to
scan the top and side of the hand.

Personal Identification News, January 1987, p. 3.

Fingerprints 

Fingerprints have been used to identify individuals
since the mid-1800s. Manual fingerprint
identification systems were based on
classifying prints according to general characteristics,
such as predominant patterns of
loops, whorls, or arches in the tiny fingerprint
ridges, plus patterns of branches and terminations
of the ridges (called minutiae). Fingerprint
file data were obtained by using special
ink and a ten-print card; fingerprint cross-checking
with local and national records was
done manually. The cross-checking process began
to be automated in the late 1960s and by
1983 the Federal Bureau of Investigation (FBI)
had converted all criminal fingerprint searches
from manual to automated operations.
Some State and local law enforcement agencies
are also beginning to automate their fingerprint
records at the point of booking.

Several firms sell fingerprint-based systems
for physical access control or for use in electronic
transactions. The systems generally
operate by reading the fingerprint ridges and
generating an electronic record, either of location
of minutia points or as a three-dimensional,
terrain-like image. The scanned live
print is compared with a template of the user's
prerecorded print. The user is verified if the
recorded and live print match within a predetermined
tolerance. Alternative modes of operation
use an individual password, identification
number, or a smart card carrying the
template fingerprint data. Costs vary according
to the system configuration, but they are
expected to fall rapidly as more systems are
sold and as very large scale integrated (VLSI)
technology is used.

For a complete discussion of fingerprint identification techniques,
see: "Fingerprint Identification," U.S. Department of
Justice, Federal Bureau of Investigation (n.d.); and The Science
of Fingerprints, U.S. Department of Justice, Federal Bureau
of Investigation (Washington, DC: U.S. Government Printing
Office, Rev. 12/84).

Charles D. Neudorfer, "Fingerprint Automation: Progress
in the FBI's Identification Division," FBI Law Enforcement
Bulletin, March 1986.

By mid-1986, about 100 fingerprint-based
systems had been installed, mostly in high-security
facilities where physical access or sensitive
databases must be reliably controlled.
Some units, however, have been installed in
health clubs, banks, and securities firms, either
to control access or for attendance reporting.
Also, firms are beginning to find overseas
markets receptive. Potential applications will
be wider as the price and size of the systems
decrease. The bulk of near-term applications
are expected to be mainly for physical access
control, but work station devices are
progressing.

Voice Identification 

Subjective techniques of voice identification
—listening to speakers and identifying them
through familiarity with their voices—have
been admissible evidence in courts of law for
hundreds of years. More recently, technical
developments in electronics, speech processing,
and computer technology are making
possible objective, automatic voice identification,
with several potential security applications
and important legal implications. The
sound produced by the vocal tract is an acoustic
signal with a phonetic and linguistic pattern
that varies not only with the speaker's
language and dialect, but also with personal
features that can be used to identify a particular
speaker.

Historical and theoretical discussion of voice identification
and its legal applications can be found in: Oscar Tosi, Voice
Identification: Theory and Legal Applications (Baltimore, MD:
University Park Press, 1979).

Although courts in several jurisdictions have ruled that
voiceprints are scientifically unreliable, courts in some States,
including Maine, Massachusetts, and Rhode Island, consider
them to be reliable evidence. A recent ruling by the Rhode Island
Supreme Court allowed a jury to consider evidence of voiceprint
comparisons and to decide itself on the reliability of that
evidence, noting that, "The basic scientific theory involved is
that every human voice is unique and that the qualities of uniqueness
can be electronically reduced . . ." (State v. Wheeler, 84-86-C.A.,
July 29, 1985). Source: Privacy Journal, August 1985,
p. 2.

Voice recognition technology has been
around for some time, but personal identification
systems using it are just beginning to
reach the market, mainly because of the formerly
high cost and relatively high error
rates. Some large electronics and communications
firms have experimented with voice
recognition systems for many years, but are
just now developing systems to market.

An important distinction should be made
here between technologies to understand
words as spoken by different individuals
(speech recognition) and technologies to understand
words only as they are spoken by a single
individual (speech verification). Voice identification
systems are based on speech
verification. They operate by comparing a
user's live speech pattern for a preselected
word or words with a pre-enrolled template.
If the live pattern and template match within
a set limit, the identity of the speaker is verified.
Personal identification numbers are used
to limit searching in the matching process.
According to manufacturers and industry
analysts, potential applications include access
control for computer terminals, computer and
data-processing facilities, bank vaults, security
systems for buildings, credit card authorization,
and automatic teller machines.

The basics of most voice systems can be traced to work
over the past 20 years at AT&T Bell Laboratories. Personal
Identification News, October 1985.

See Tosi, "Fingerprint Identification," U.S. Department of
Justice, Federal Bureau of Investigation (n.d.); and The Science
of Fingerprints, U.S. Department of Justice, Federal Bureau
of Investigation (Washington, DC: U.S. Government Printing
Office, Rev. 12/84), ch. 2.

Personal Identification News, January 1986.

Signature Dynamics

A person's signature is a familiar, almost
universally accepted personal verifier with
well-established legal standing. However, the
problem of forgery—duplicating the appearance
of another person's signature—raises substantial
barriers to the use of static signatures
(i.e., recognizing the appearance of the signed
name) as a secure means of personal identification.

Newer signature-based techniques use dynamic
signature data that capture the way the
signature is written, rather than (or, in addition
to) its static appearance, as the basis for
verification. The dynamics include the timing,
pressure, and speed with which various segments
of the signature are written, the points
at which the pen is raised and lowered from
the writing surface, and the sequence in which
actions like dotting an "i" or crossing a "t"
are performed. These actions are very idiosyncratic
and relatively constant for each individual,
and are very difficult to forge.

A number of companies have researched signature
dynamics over the past 10 years and
several have produced systems for the market.
The systems consist of a specially instrumented
pen and/or a sensitive writing surface.
Data are captured electronically and
processed using proprietary mathematical algorithms
to produce a profile that is compared
with the user's enrolled reference profile or template.
The systems work with an identification
number or smart card identifying the profile
and template to be matched.

Prices for these systems are relatively low
compared with some other identification technologies.
Combined with the general user
acceptability of signatures (as opposed, say,
to fingerprinting or retinal scans), this is expected
to make signature dynamics suitable
for a wide range of applications. Potential
financial applications include credit card transactions
at the point of sale, banking, automatic
teller machines, and electronic fund transfers.
Systems are currently being tested in banking
(check cashing) and credit card applications,
where they might eventually replace dial-up
customer verification systems. Systems
connected to a host computer could also provide
access control as well as accountability
and/or authorization for financial transactions
and controlled materials, among other uses.

Several signature dynamics systems have adaptive features
that can allow a person's signature to vary slowly over
time; enrollment procedures require several signatures to set
the reference signature profile and users are permitted more
than one (usually two) signature attempts for identification.

George Warfel, "Signature Dynamics: The Coming ID
Method," Data Processing and Communications Security, vol.
8, No. 1. (n.d.)

Keyboard Rhythm

Early work, beginning in the 1970s, on user
verification through typing dynamics was done
by SRI International and, with National Science
Foundation (NSF) funding, the Rand
Corp. In 1986, two firms were developing
commercial personal identification systems
based on keyboard rhythms for use in controlling
access to computer terminals or microcomputers,
including large mainframe computers
and computer networks. One of the firms acquired
the keystroke dynamics technology
from SRI International in 1984 and contracted
with SRI to develop a product line. In 1986,
the firm reported that it was developing 11
products configured on plug-in printed circuit
boards and that it planned to test these products
in several large corporations and Government
agencies in 1987. By mid-1987, the firm
had contracts with over a dozen Fortune 500
corporations and five Government agencies to
test its products. A researcher in the second
firm, who had received an NSF grant in 1982
to investigate typists' "electronic signatures,"
formed a venture corporation in 1983 to commercialize
an access control device based on
the technique. He was awarded a patent in late
1986.

Ibid.

R. Stockton Gaines, William Lisowski, S. James Press, and
Norman Shapiro, "Authentication by Keystroke Timing: Some
Preliminary Results," R-2526-NSF, The RAND Corp., Santa
Monica, CA, May 1980.

Rob Hammon, International Bioaccess System Corp., personal
communications with OTA staff, Aug. 4, 1987.

Keyboard-rhythm devices for user verification
and access control are based on the premise
that the speed and timing with which a person
types on a keyboard contains elements of
a neurophysiological pattern or signature that
can be used for personal identification. The
stored "user signature" could be developed explicitly
or so that it would be transparent to
the user—perhaps based on between 50 and
100 recorded log-on accesses or 15 to 45 minutes
of typing samples if done openly and
explicitly, or based on several days of normal
keyboard work if done transparently (or surreptitiously).
The stored signature could be updated
periodically to account for normal drifts
in keyboard rhythms. These types of devices
might be used only at log-on, to control access
to selected critical functions, or to prevent
shared sessions from occurring under one user
log-on. The prices of these systems depend on
their configuration: current estimates range
from $1,000 for a card insert for a host computer
capable of supporting several work stations
to $10,000 for a base system that could
store 2,000 user signature patterns and support
four channels that communicate simultaneously.

Some speculate that this method would only be effective
for experienced typists, rather than erratic "hunt and peck"
novices, but at least one of the firms claims that the method
can be implemented for use by slow or erratic typists as well.
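
An added Python example, not taken from the report or from either firm's product, of a keystroke-rhythm verifier whose stored signature is updated to follow normal drift, with the update bounded so that accepted samples cannot move the template arbitrarily far from what was enrolled. The scoring rule, threshold, update rate, 25 percent drift bound, and the timing samples are all constructed assumptions.

```python
from statistics import mean, pstdev


class KeystrokeProfile:
    """Stored "user signature": per-position timing template for one log-on string."""

    def __init__(self, samples, threshold=2.0, alpha=0.2, max_drift=0.25, min_sigma=5.0):
        if len(samples) < 2 or len({len(s) for s in samples}) != 1:
            raise ValueError("need at least two enrollment samples of equal length")
        columns = list(zip(*samples))
        self.baseline = [mean(c) for c in columns]         # fixed at enrollment
        self.sigma = [max(pstdev(c), min_sigma) for c in columns]
        self.template = list(self.baseline)                # adapts over time
        self.threshold = threshold                         # acceptance threshold
        self.alpha = alpha                                 # update rate per accepted log-on
        self.max_drift = max_drift                         # bound relative to baseline

    def score(self, sample):
        """Mean absolute deviation from the template, in units of enrolled spread."""
        if len(sample) != len(self.template):
            return float("inf")
        return mean(abs(x - t) / s for x, t, s in zip(sample, self.template, self.sigma))

    def verify(self, sample, adapt=True):
        accepted = self.score(sample) <= self.threshold
        if accepted and adapt:
            self._adapt(sample)  # only accepted samples ever move the template
        return accepted

    def _adapt(self, sample):
        for i, x in enumerate(sample):
            moved = (1 - self.alpha) * self.template[i] + self.alpha * x
            low = self.baseline[i] * (1 - self.max_drift)
            high = self.baseline[i] * (1 + self.max_drift)
            # Clamp: the template may follow the user, but never further than
            # max_drift from the values measured at enrollment.
            self.template[i] = min(max(moved, low), high)


# Constructed sample data: inter-key intervals in milliseconds for four
# enrollment log-ons (a real enrollment would use many more).
ENROLLMENT = [
    [120, 95, 130, 110],
    [125, 90, 160, 105],
    [115, 100, 145, 115],
    [122, 92, 138, 108],
]


def drifting_samples(baseline, rate, sessions):
    """Constructed log-ons whose timing moves away from baseline by `rate` per session."""
    return [[b * (1 + rate * k) for b in baseline] for k in range(1, sessions + 1)]


def run_sessions(profile, samples, adapt=True):
    """Verify each log-on in order and return the list of accept/reject decisions."""
    return [profile.verify(s, adapt=adapt) for s in samples]


if __name__ == "__main__":
    drift = drifting_samples(KeystrokeProfile(ENROLLMENT).baseline, 0.01, 60)
    for label, kwargs, adapt in [("static", {}, False),
                                 ("adaptive, bounded", {}, True),
                                 ("adaptive, unbounded", {"max_drift": 10.0}, True)]:
        results = run_sessions(KeystrokeProfile(ENROLLMENT, **kwargs), drift, adapt)
        print(f"{label:20s} accepted {sum(results)} of {len(results)} log-ons")
```

Without adaptation the slowly changing user starts to be rejected; with unbounded adaptation every log-on in the constructed series is accepted however far it has moved; the bounded profile follows the first part of the drift and then stops.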


ACCESS CONTROL SOFTWARE AND AUDIT TRAILS 


Once the identity of a user has been verified,
it is still necessary to ensure that he or she has
access only to the resources and data that he
or she is authorized to access. For host computers,
these functions are performed by access
control software. Records of users' accesses
and online activities are maintained as
audit trails by audit software.


Host Access Control Software

To provide security for computer systems,
networks, and databases, user identifications
and passwords are commonly employed with
any of a number of commercially available add-on
software packages for host access control.
Some have been available since the mid-to-late
1970s. (See box D.) As of 1986, three access
control software packages were market leaders:
RACF, with some 1,500 installations since
1976; ACF2, developed by SKK, Inc., and marketed
by the Cambridge Systems Group, with
more than 2,000 installations since 1978; and
Top Secret, marketed by the CGA Software
Products Group, with more than 1,000 packages
installed since 1981.

DataPro, reported in Government Computer News, Dec. 5,
1986, p. 40.


Box D—Host Access Control Software

A number of host access control software packages are commercially available that work with a computer's operating system to secure data and the computing resources themselves. Access control software is designed to offer an orderly method of verifying the access authority of users. As such, it can protect the system, its data, and terminals from unauthorized users and can also protect the system and its resources from unauthorized access to sensitive data and from errors or abuses that could harm data integrity.

Access control software intercepts and checks requests for system or database access; the various commercial packages vary in the ways they check requirements for authorized access. Most require both user identification and a password to allow access; the user's identification determines his or her level of access to the system hardware and files. Passwords may be changed from time to time, or even (in some systems) encrypted. To prevent unauthorized users from guessing passwords, most of these systems limit the number of incorrect access attempts before logging the user off and sending a security alert message (including the user's identification number). Some packages generate their own passwords; these tend to be more difficult for intruders to guess, but also are more difficult for authorized users to remember. The data files containing user identification numbers and passwords are critical to system security because knowledge of correct identification number and password combinations would allow anyone access to the system and its most sensitive files. Therefore, some access control packages do not allow even security administrators to know user passwords—users set up their own, or the system generates the passwords, which may change frequently. The structure of system-generated passwords is being studied to make them easier to remember.

Access control software packages allow for audit features that record unauthorized access attempts, send violation warning messages to security, and/or log the violator off the system. Other audit features include keeping a log of users' work activities on a daily basis, printing reports of use and violation attempts, and allowing security officers to monitor users' screens. These packages can also be used in conjunction with special facility-specific security access controls implementing other restrictions (time-of-day, database, file, read-only, and location/terminal) written in custom code to fit the application environment. Versions of access control software packages are currently available to protect a variety of manufacturers' mainframe operating systems and minicomputers.

Development of software for commercial host access control began in the early 1970s. Currently, there are more than 24 software packages from different vendors. These packages are designed to work with a variety of host configurations (CPU, operating system, storage space, interfaces to other system software).

SOURCE: DataPro Research Corp., "All About Host Access Control Software," 1S5'2-001, June 1985.

In all, more than two dozen software packages
are being marketed, some for classified
applications. These packages vary widely in
their range of capabilities and applications, and
are usually either licensed with a one-time fee
or leased on a monthly or yearly basis. Fees
and maintenance can range from several hundred
dollars up to $50,000 per year.

Instead of the "add-on" software packages
mentioned above, the operating systems of
many computers include some level of access
control built into the basic system software.
Most of the built-in systems offer features comparable
to the add-on systems designed for
commercial use. The number of new computer
operating systems incorporating access
control and other security features is expected
to increase.

Commercial access control software packages
commonly rely on users memorizing their
identification numbers or passwords keyed
into the terminal. Thus, they tend to rely on
the "something known" criterion for security.
They also tend to permit a single individual—in
principle, the security officer—access to the
central files containing users' authorization
levels and, although less prevalent in newer
systems, their users' passwords. A characteristic
of the higher security packages is that
they are designed for applications in which
users with varying levels of authorization are
using a system containing information with
varying degrees of sensitivity. An example is
a system containing classified information,
where some is classified "confidential" and
some "secret."

NSA's National Computer Security Center (NCSC) has provided Federal
agencies with criteria to evaluate the security capabilities of trusted
computer systems. According to the NCSC definition, a trusted computer
system is one that employs sufficient hardware and software integrity
measures to allow its use for processing simultaneously a range of
sensitive or classified information. The trusted system criteria
contained in the so-called "Orange Book," developed by NSA, define four
classes of security protection. These range from Division D (minimal
protection) up through Class A1 of Division A (verified protection).
NCSC also evaluates access control software products submitted by
vendors and rates them according to the Orange Book categories. The
evaluations are published in the Evaluated Products List, which is made
available by NCSC to civilian agencies and the public. As of May 1987,
eight products had received NCSC ratings and more than 20 others were
being evaluated.


S. Lipner, personal communication with OTA staff, Dec. 24, 1986.

Department of Defense Trusted Computer System Evaluation Criteria,
Department of Defense Standard DoD 5200.28-STD, December 1985. Two
companion DoD documents ("Yellow Books") summarize the technical
rationale behind the computer security requirements and offer guidance
in applying the standard to specific Federal applications: Computer
Security Requirements-Guidance for Applying the Department of Defense
Trusted Computer System Evaluation Criteria in Specific Environments,
CSC-STD-003-85, June 25, 1985; and Technical Rationale Behind
CSC-STD-003-85: Computer Security Requirements, CSC-STD-004-85, June 25,
1985.

Despite their importance to host computer security, particularly for
classified applications, a detailed look at trusted operating systems
is beyond the scope of this OTA assessment. A number of computer
security experts, including those at NSA, consider trusted operating
systems to be crucial to securing unclassified, as well as classified,
information. They consider access controls to be of limited value
without secure operating systems and the NCSC criteria, at least at the
B and C levels, to be of significant value in both classified and
commercial applications. However, other computer security experts have
questioned whether design criteria appropriate for classified
applications can or should be applied to commercial applications or
even to many unclassified Government applications. (See ch. 5.)

The recent debate over the applicability of what some term the
'military' model to commercial computer security had progressed to the
point where plans were made for an invitational workshop on this topic
to be held in the fall, 1987. This specific area of concern illustrates
the issue of whether or not it is in the Nation's best interests to
assign to one agency—namely, NSA—the task of meeting all the needs of
the Government civilian agencies and the private sector while
continuing to carry out its other missions. These concerns will be
raised again and explored in chapters 5 and 7.


Harold E. Daniels, Jr., NSA S-0022-87, Jan. 21, 1987. Safeguards
currently used by the private and civil sectors have received B- and
C-level ratings.

See, for example, David D. Clark and David R. Wilson, "A Comparison of
Commercial and Military Computer Security Policies," Proceedings, 1987
IEEE Symposium on Security and Privacy (Oakland, CA: Institute for
Electrical and Electronic Engineers, Apr. 27-29, 1987).

The Workshop on Integrity Policy for Computer Information Systems will
be held at Bentley College, Waltham, MA in the fall, 1987. It is being
organized by Ernst & Whinney, and is co-sponsored by the Association
for Computing Machinery, the Institute for Electrical and Electronic
Engineers, the National Bureau of Standards, and the National Computer
Security Center.

Audit Trails 

Another major component of computer security, usually part of a host
access control system, is the ability to maintain an ongoing record of
who is using the system and what major actions are performed. The
system's operators can then review this "audit trail" to determine
unusual patterns of activity (e.g., someone consistently using the
system after office hours) or to reconstruct the events leading to a
major error or system failure.

In the past few years, software has begun to combine auditing with
personal identification. An audit log can record each time a user seeks
access to a new set of data. Figure 21 shows a sample audit log. Audit
trail software is routinely recorded on most mainframe computers that
have many users. Such software is available but seldom used on similar
minicomputers, in part because it slows down the performance of the
system and is only rarely available for microcomputers.

Audit trails are among the most straightforward and potentially most
effective forms of computer security for larger computers and
multi-user minicomputers. However, the fact that they are easily
available for these machines does not mean that they are effectively
used. Many system managers either do not use the audit trails or rarely
if ever review the logs once generated. For example, OTA found that
only 58 percent of 142 Federal agencies surveyed use audit software for
computers containing unclassified, but sensitive information. Only 22
percent use audit software for all of their unclassified, but sensitive
systems. Similarly, a 1985 General Accounting Office (GAO) study that
examined 25 major computer installations found that only 10 of them met
GAO's criteria for use of audit trails.

Part of the reason why audit trails are not more widely and effectively
used is that they tend to create voluminous information that is tedious
to examine and difficult to use. Technical developments can ease this
problem by providing tools to analyze the audit trail information and
call specified types or patterns of activities to the attention of
system security officers. Thus, it would not be necessary, except in
case of a disaster, to review the entire system log.


Information Security, Inc., "Vulnerabilities of Public
Telecommunications Systems To Unauthorized Access," OTA contractor
report, November 1986.

William S. Franklin, General Accounting Office, statement on Automated
Information System Security in Federal Civilian Agencies, before House
Committee on Science and Technology, Subcommittee on Transportation,
Aviation, and Materials, 99th Cong., 1st. sess., Oct. 29, 1985.
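The kind of analysis tool described above, as an added example (not part of the OTA report or of any vendor's software): it parses alarm records laid out like those in Figure 21 and reports only privilege changes, repeated failures, and repeated after-hours activity. The sample records, the "File access" event name, the 07:00-19:00 office hours, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample records in the layout of Figure 21 (not real log data).
SAMPLE_LOG = """\
Security alarm / System UAF record modification
Time:        27-OCT-1986 08:43:09.49
User Name:   SYSTEM
Rec Mod:     SMITH
Fields Mod:  PASSWORD PRIVILEGES

Security alarm / File access failure
Time:        27-OCT-1986 11:11:15.76
User Name:   JONES
File:        _DUA1:[DESNC.PH2]DOCS.DIR;1

Security alarm / Login failure
Username:    GUEST
Start time:  25-DEC-1986 12:28:47

Security alarm / Login failure
Username:    GUEST
Start time:  25-DEC-1986 12:28:52

Security alarm / Login failure
Username:    GUEST
Start time:  25-DEC-1986 12:29:03

Security alarm / File access
Time:        27-OCT-1986 23:14:02.10
User Name:   BROWN

Security alarm / File access
Time:        28-OCT-1986 22:50:41.37
User Name:   BROWN
"""

MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), 1)}
HEADER = re.compile(r"^Security alarm / (.+)$")
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")
STAMP = re.compile(r"^(\d{1,2})-([A-Z]{3})-(\d{4}) (\d\d):(\d\d):(\d\d)")


def parse_time(text):
    """Return a datetime for 'DD-MON-YYYY HH:MM:SS[.cc]', or None if unreadable."""
    m = STAMP.match(text or "")
    try:
        day, mon, year, hh, mm, ss = m.groups()
        return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    except (AttributeError, KeyError, ValueError):
        return None  # keep the record, but skip the time-based rule for it


def parse_records(text):
    """Split the log into one dict per alarm, with lower-cased field names."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        head = HEADER.match(line)
        if head:
            records.append({"event": head[1].strip()})
        elif line and records and FIELD.match(line):
            key, value = FIELD.match(line).groups()
            records[-1][key.lower()] = value
    for rec in records:
        rec["user"] = rec.get("user name") or rec.get("username") or "?"
        rec["when"] = parse_time(rec.get("time") or rec.get("start time"))
    return records


def triage(records, day=(7, 19), fail_threshold=3, night_days=2):
    """Return (kind, user, detail) findings instead of the whole log."""
    findings, failures, nights = [], Counter(), defaultdict(set)
    for rec in records:
        fields = rec.get("fields mod", "").split()
        if rec["event"].endswith("record modification") and "PRIVILEGES" in fields:
            findings.append(("privilege-change", rec["user"],
                             "privileges of %s modified" % rec.get("rec mod", "?")))
        if rec["event"].lower().endswith("failure"):
            failures[(rec["user"], rec["event"])] += 1
        if rec["when"] and not day[0] <= rec["when"].hour < day[1]:
            nights[rec["user"]].add(rec["when"].date())
    for (user, event), count in sorted(failures.items()):
        if count >= fail_threshold:
            findings.append(("repeated-failure", user, "%d x %s" % (count, event)))
    for user, dates in sorted(nights.items()):
        if len(dates) >= night_days:
            findings.append(("after-hours", user, "%d days" % len(dates)))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_records(SAMPLE_LOG)):
        print(finding)
```

Seven records go in and three findings come out; the single file access failure by JONES stays below the threshold and is left in the log for later reconstruction rather than raised to the security officer.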


Figure 21.—Example Reports From Audit Trail Software

Example 1

    Security alarm / System UAF record modification
    Time:        27-OCT-1986 08:43:09.49
    PID:         00002420
    User Name:   SYSTEM
    Rec Mod:     SMITH
    Fields Mod:  PASSWORD PRIVILEGES

Example 2

    Security alarm / File access failure
    Time:        27-OCT-1986 11:11:15.76
    PID:         00002402
    User Name:   JONES
    Image:       DUA0:[SYS0.][SYSEXE]TPU.EXE
    File:        _DUA1:[DESNC.PH2]DOCS.DIR;1
    Mode:        READ WRITE

Example 3

    Security alarm / Login failure
    Username:          GUEST       UIC:                [1,3]
    Account:           <net>       Finish time:        25-DEC-1986 12:28:48
    Process ID:        00000573    Start time:         25-DEC-1986 12:28:47
    Owner ID:                      Elapsed time:       0 00:00:00
    Terminal name:                 Processor time:     0 00:00:00
    Remote node addr:  36000       Priority:           4
    Remote node name:  APPLE       Privilege <31-00>:  FFFFFFFF
    Remote ID:         BANANA      Privilege <63-32>:  FFFFFFFF
    Queue entry:                   Final status code:  00D380F4
    Queue name:
    Job name:
    Final status text: %LOGIN-F-NOSUCHUSER, no such user
    Page faults:       114         Direct IO:          a
    Page fault reads:  2           Buffered IO:        9
    Peak working set:  144         Volumes mounted:    0
    Peak page file:    534         Images executed:    1

    No files accessed through [DECNET]

Audit trail software (either part of the computer's operating system or an
add-on program) can record in detail the activities taking place on a
computer system. The first example above reports a manager ("SYSTEM")
modifying a user's ("SMITH") password and privileges (the activities that
user is allowed to perform on the system). The second records a user
("JONES") attempting to access a file for which he does not have
privileges. The third reports someone trying to log in to a system under
the name "GUEST," which is not an authorized user of that system. A
typical audit trail program might produce hundreds to thousands of these
reports in a day.

SOURCE: Digital Equipment Corp., 1986.


ADMINISTRATIVE AND PROCEDURAL MEASURES


Important as technical safeguard measures like the ones that have been
described above can be, administrative and procedural measures can be
even more important to overall security. For example, encryption-based
communications safeguards can be rendered useless by improper
management of "secret" encryption or decryption keys (see below). In
the field of computer security, technical measures of the types
mentioned above are almost useless if they are not administered
effectively. While they can only be raised briefly here, some of the
most important aspects of computer security administration include:

• Maintaining a Written Security Policy and Assigning Responsibilities
  for Security. Many organizations simply do not have a policy
  regarding computer security, or the policy is unavailable to computer
  users, or the policy is not followed. Computer security experts
  report that one of the most important factors in encouraging good
  computer security is for users to know that management is indeed
  committed to it. Also, it is important that each individual in the
  organization be aware that protecting information assets is part of
  his or her responsibility.

• Password Management. Password-based access control systems are much
  less effective if computer users write their passwords on the wall
  next to their terminal, if they choose their birthday or spouse's
  name as their password, or if passwords are never changed. Thus,
  policies to encourage reasonable practices in password systems are
  not only essential, but are probably one of the simplest and most
  neglected ways to enhance security.

• Reviewing Audit Trails. Similarly, audit software is of little value
  unless the logs created by its use are reviewed.

• Training and Awareness. Relatively simple programs can help users
  understand what kind of security problems the organization faces and
  their role in enhancing security.

• Periodic Risk Analyses. Such an analysis involves examining each
  computer system, the sensitivity of the data it handles, and the
  measures that are in use or should be considered to protect the
  system.

• Personnel Checks. Organizations may wish to avoid putting employees
  with certain kinds of criminal records or financial problems in jobs
  with access to sensitive information. It may be difficult, however,
  to perform such checks without raising concerns about employee
  privacy.

• Maintaining Backup Plans and Facilities. Many organizations do not
  have any policy or plans for what to do in the event of a major
  disaster involving an essential computer system. For example, in 1985
  only 57 percent of Federal agencies had (or were in the process of
  developing) backup plans for their mainframe computer systems.


For a more complete discussion of administrative procedures for
computer security, see U.S. Congress, Office of Technology Assessment,
Federal Government Information Technology: Management, Security, and
Congressional Oversight, OTA-CIT-297 (Washington, DC: U.S. Government
Printing Office, February 1986). Additionally, the General Accounting
Office (GAO) has issued many reports over the last decade identifying
major information security problems and surveying information security
practices in Federal agencies (see tables 4-5 in the February 1986 OTA
report for a selected list of some of these GAO reports).

Data from OTA's Federal Agency Request given in ch. 4 of Federal
Government Information Technology: Management, Security, and
Congressional Oversight, OTA-CIT-297 (Washington, DC: U.S. Government
Printing Office, February 1986).


COMPUTER ARCHITECTURES 


The computer itself has to be designed to facilitate good security,
particularly for advanced security needs. For example, it should
monitor its own activities in a reliable way, prevent users from
gaining access to data they are not authorized to see, and be secure
from sophisticated tampering or sabotage. The national security
community, especially NSA, has actively encouraged computer
manufacturers to design more secure systems. In particular, NCSC has
provided guidelines for secure systems and has begun to test and
evaluate products submitted by manufacturers, rating them according to
the four security divisions discussed above. A more thorough discussion
of secure computing bases is beyond the scope of this assessment.

While changes in computer architecture will gradually improve security,
particularly for larger computer users, more sophisticated architecture
is not the primary need of the vast majority of current users outside
of the national security community. Good user verification coupled with
effective access controls, including controls on database management
systems, are the more urgent needs for most users.


COMMUNICATIONS LINKAGE SAFEGUARDS 


In the past few years it has become increasingly clear that computers
are vulnerable to misuse through the ports that link them to
telecommunications lines, as well as through taps on the lines
themselves. Although taps and dial-up misuses by hackers may not be as
big a problem as commonly perceived, such problems may grow in severity
as computers are increasingly linked through telecommunications
systems. Similarly, computer and other communications using satellite
transmissions motivate users to protect these links.

Port-Protection Devices 

For some computer applications, misuse via dial-up lines can be
dramatically reduced by the use of dial-back port protection devices
used as a buffer between telecommunications lines and the computer. The
market for these is fairly new, but maturing. Some products are
stand-alone, dial-back units, used for single-line protection; others
are rackmounted, multi-line protection units that can be hooked up to
modems, telephones, or computer terminals. Some 40 different models of
commercial dial-back systems were being sold in 1986, with prices
ranging from several hundred to several thousand dollars (on the order
of $500 per incoming line), depending on the configuration, features,
and number of lines protected. Some, but not all, models offer data
encryption as a feature, using DES and/or proprietary algorithms.

In addition to these dial-back systems, security modems can be used to
protect data communications ports. These security modems are
microprocessor-based devices that combine features of a modem with
network security features, such as passwords, dial-back, and/or
encryption. Security modems featuring encryption must be used in pairs,
one at each end with the correct encryption key and algorithm to
encrypt and decrypt communicated data and instructions. About 20
different models of commercial security modems were available in 1986,
with various combinations of features, such as password protection,
auditing, dial back, and/or encryption. Security modems featuring
encryption offer the DES and/or proprietary encryption algorithms.

According to DataPro Research Corp., the 
market for security modems has been in a period 
of rapid change since the early 1980s—new and 
advanced products have been introduced, more 
users have adopted remotely accessible data 
operations, and prices have continued to fall. 
Prices for security modems range from less 
than $500 to almost $2,000, depending on the 
features included. 

An example of the use of this type of port protection follows: When a
remote user wants to log on to the machine, the security modem is
programmed to answer the call, ask for his or her log-on identification
and password, and then (if the identification and password are proper)
call back the computer user at the location at which he or she is
authorized to have a terminal. There may be some inconvenience in using
the device, however, if authorized computer users frequently call from
different phone numbers. In addition, there are ways to thwart
dial-back modems, such as using "call-forwarding" at the authorized
user's phone to route the computer transmission elsewhere to an
unauthorized phone or user.

Dial-back devices are generally considered too inconvenient to use for
one very important application: large-scale database applications, such
as commercial credit reporting services. These services can receive
thousands of calls a day from terminals in banks and credit bureaus
seeking to verify a person's creditworthiness, often prior to a loan or
establishment of a line of credit. The use of dial-back devices for
such an application is time-consuming and costly, and is difficult to
administer given the number of terminals that would have to be
connected to the devices. Thus, those who illegally obtain passwords to
access these systems can now use them relatively easily.

Other technical measures may be useful for large public database
systems, however. For example, remote terminals in retail stores could
be equipped to perform a coded "handshake" with the host computer
before they can gain access to the database. Or, as the
telecommunications network evolves toward wider use of digital
signaling equipment, it will increasingly be possible for host
computers to know the phone number of the person trying to gain access
and thus to check that phone number against its list of authorized
customers.
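The dial-back procedure and the calling-number check described above, written out as a decision procedure in an added example (not taken from the report or from any product). The class and method names, the lockout limit, the password-hashing choice, and the 555-01xx numbers are assumptions; the call-back number always comes from the host's own table, never from the caller.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # Assumption: PBKDF2 stands in for whatever the device stores instead of
    # clear-text passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DialBackPort:
    """Answers a call, checks the credentials, then hangs up and calls back."""

    MAX_FAILURES = 3  # assumed lockout limit

    def __init__(self):
        self.users = {}     # user id -> (salt, password hash, authorized number)
        self.failures = {}  # user id -> consecutive failed attempts
        self.audit = []     # (user id, calling number, outcome) for later review

    def enroll(self, user_id, password, authorized_number):
        salt = os.urandom(16)
        self.users[user_id] = (salt, _hash(password, salt), authorized_number)

    def answer(self, user_id, password, calling_number=None):
        """Handle one incoming call.

        calling_number is None on a network that does not deliver it.
        Returns ("CALL_BACK", number) or ("HANG_UP", reason).
        """
        outcome = self._decide(user_id, password, calling_number)
        self.audit.append((user_id, calling_number, outcome))
        return outcome

    def _decide(self, user_id, password, calling_number):
        if self.failures.get(user_id, 0) >= self.MAX_FAILURES:
            return ("HANG_UP", "locked")
        record = self.users.get(user_id)
        # Unknown users are hashed against a dummy salt so that both failure
        # paths do the same amount of work.
        salt, stored, number = record or (b"\0" * 16, b"", None)
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if record is None or not matches:
            self.failures[user_id] = self.failures.get(user_id, 0) + 1
            return ("HANG_UP", "bad-credentials")
        self.failures[user_id] = 0
        # Where the network delivers the calling number, a valid password
        # offered from any other line is refused outright.
        if calling_number is not None and calling_number != number:
            return ("HANG_UP", "unexpected-origin")
        # The session only ever continues on the outbound call to the number
        # held in the host's table.
        return ("CALL_BACK", number)


if __name__ == "__main__":
    port = DialBackPort()
    port.enroll("jones", "correct horse", "555-0101")
    print(port.answer("jones", "correct horse"))
    print(port.answer("jones", "correct horse", calling_number="555-0199"))
```

Nothing in this procedure can tell whether the authorized line has been forwarded elsewhere, which is the weakness of dial-back that the text notes.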

Satellite Safeguards 

In the military, highly directional antennas, spread-spectrum
modulation, and laser communication are among the measures used or
contemplated to protect satellite signals from unauthorized reception.
Other methods range from analog scrambling to full digital encryption.
For encryption, equipment costs and operational complexity tend to
inhibit the widespread deployment of elaborate encryption techniques.
This is particularly true for point-to-multipoint networks, where the
expense of providing a large number of end users with decryption
equipment may not be worth the cost.

The current trend is toward the implementation of security by some
service providers. For example, the video industry, one of the largest
users of satellite capacity, has begun to use analog scrambling
techniques to discourage casual theft of service. Methods for
encrypting video signals range in complexity from line-by-line
intensity reversal to individual pixel scrambling. Decryption keys may
be broadcast in the vertical blanking interval. In some systems,
individual subscribers can be addressed, providing selective access to
the programming. Scrambling techniques are also being used by some
providers of point-to-multipoint satellite data networks. Since these
transmissions are typically digital, more effective encryption systems
can be used. In some cases, a device using the Data Encryption Standard
is provided in the subscribers' receiver equipment and key distribution
is accomplished in real time to selected end users (i.e., to those who
have paid to receive the broadcast).

The Department of Defense has had continuing concerns for the
vulnerability of satellites to interception and other misuse. The
Senate Committee on Appropriations approved funds in 1986 for the first
year of a 5-year plan developed by NSA that would enable DoD to
reimburse satellite carriers for installing encryption equipment to
protect their transmissions.

Fiber Optic Communications

Fiber optic communications links provide an important barrier to
misuse, because more sophisticated means are required to eavesdrop.
Further, means are available to detect some forms of misuse.

Common Carrier Protected Services 

Several common carriers encrypt their microwave links in selected
geographic areas as well as their satellite links that carry sensitive
Government communications. These protected services are largely the
result of NSA and GSA procurements beginning in the 1970s. Much of the
following discussion is excerpted from the OTA contractor report,
"Vulnerabilities of Public Telecommunications Systems to Unauthorized
Access," prepared by Information Security Incorporated, November 10,
1986.

Note that the Electronic Communications Privacy Act of 1986 (Public Law
99-508) made the private use of "backyard" earth stations legal for the
purpose of receiving certain satellite transmissions, unless it is for
the purpose of direct or indirect commercial advantage or for private
gain.

See U.S. Senate, Committee on Armed Services, National Defense
Authorization Act for Fiscal Year 1987. Report 99-331 to accompany
S. 2638, 99th Cong., 2d sess., July 8, 1986, p. 295.

The latest transmission technology using fiber optics is difficult to
intercept because the information signal is a modulated light beam
confined within a glass cable. NSA judges both cable and fiber media to
provide adequate protection for unclassified national security-related
information.

American Telephone & Telegraph Co. (AT&T) protects its microwave links
in Washington, D.C., New York, and San Francisco. Major routes are
being expanded with fiber optics. Protected service is available in
areas designated by NSA and private line service can be offered over
selected fiber and cable routes. In addition, customized encryption can
be installed on selected microwave and satellite circuits for
particular customers.

MCI offers protected terrestrial microwave services in those areas
specified by NSA. In addition, MCI offers customers the option of
protected service in many other major metropolitan areas. These
customers can order protected communications throughout the MCI portion
of the circuit, using MCI fiber optic system, encrypted terrestrial
microwave, and the MCI-encrypted satellite network.

U.S. Sprint, which reached 2.5 million customers or about 4 percent of
all long-distance customers in 1986, intends to create an all-fiber
network by the end of 1987 that the company expects will carry more
than 95 percent of its voice and data traffic. This means any call or
circuit carried via the Sprint network would be harder to intercept
than unprotected microwave transmissions. Currently, Sprint has
protected microwave radio in the NSA-designated areas.

International Telephone & Telegraph Co. (ITT) offers protected service
in the NSA-designated zones, consisting of protected microwave
circuits. The service is available now on a private-line basis to
commercial or business customers.


AT&T Communications Security, marketing literature, 1986.

MCI Communication Protection Capabilities, marketing literature, 1986.

U.S. Sprint, "Clearline," vol. 2, Issue 5, Kansas City, MO, spring
1987.

"Why U.S. Sprint Is Building the First Coast-to-Coast Fiber Optic
Network and What's in It for You," U.S. Sprint marketing literature,
1986.

The American Satellite Co. offers two types of protected carrier
services. One uses an encrypted satellite service that has been
approved by NSA for protecting unclassified, but sensitive information.
The second service uses protected terrestrial microwave in the
NSA-designated areas. This also is available on a private line basis in
the service areas.

Pacific Bell plans to have a complete fiber and cable network between
all its central offices within 10 years. These plans include most of
San Francisco, Los Angeles, and San Diego; at present, two fiber rings
in San Francisco are routed past all major office buildings. Pacific
Bell can offer customers in the San Francisco area fiber optic routes
throughout most of their operating region. In Los Angeles, the company
has 27 locations used in the 1984 Olympics linked by fiber optic
facilities and is extending its network. These offerings can be
augmented with new fiber spurs to a customer's location. All of these
services are filed with the California Public Utility Commission as
special service engineering and are not tariffed by the FCC.

Bell Communications Research (Bellcore) is developing a service that
would be implemented by the Bell Operating Companies. The service would
provide special handling and routing over protected or
less-interceptable (i.e., fiber or cable) lines. The initial goal is to
use as much as possible the inherent security features of the existing
network. This service is being designed to meet NSA requirements for
protecting unclassified government information so that costs (for
Government contractors) will be reimbursable under National COMSEC
Instruction 6002 and Department of Defense Instruction 5210.74.
Bellcore anticipates that this service will also be available to other
commercial customers.


ITT Private Line Service—Security, marketing literature, 1986.

Protected Communications Services, marketing literature, 1986.

OTA Federal Agency Data Request, op. cit.

Ibid., ref. 27.



Chapter 5 

Improving Information Security 



CONTENTS

Findings
Introduction
National Security Objectives and Programs
Background
Federal Telecommunications Protection Programs
Government Procurements
Carrier Protection Services
DoD Programs Under NSDD-145
Implications of Merging Defense, Civilian Agency, and Private Sector Requirements
Objectives and Programs Unrelated to National Security
Background
Private Sector Motivations
Linkages in and Contrasts Between Defense Intelligence and Other Needs
Technical Standards Development
Inherent Diversity of Users' Needs

Box

E. Indicators of Private Sector Interest in Safeguards

Tables

7. Overall Ranking of Importance as an Adversary
8. Top-Priority Computer and Information Security Concerns Mentioned by Respondents
9. Perceived Impacts From NSDD-145
10. Selected Civilian Technical Standards for Safeguarding Information Systems



FINDINGS 

• The needs of institutional users are changing, expanding gradually
  and incrementally, as technology makes practical a broader range of
  applications of information safeguards. The current trend in user
  activities is toward controlling access to systems, linking
  transactions with particular individuals and authorizations, and
  verifying message accuracy.

• Users in civil agencies and the private sector have diverse needs to
  safeguard their computer and communications systems, even within any
  one Federal agency or industry. Organizations differ in their needs,
  perceptions, and attitudes towards information security, and see
  different incentives or mandates to secure information systems.
  Differences in their concerns for vulnerabilities, risks, and
  adversaries are probably greatest between Government intelligence
  agencies and other users.

• It is unclear whether any one agency can specify and design one or a
  few safeguards for a wide range of users, and particularly
  questionable for the National Security Agency due to its propensity
  for secretiveness and its focus on protecting against foreign
  intelligence adversaries.

• Cryptography underlies some powerful safeguards that have broad
  application, not just for national security needs, but also for an
  expanding number of commercial needs, such as to ensure the integrity
  of electronic information and reduce the costs of routine business
  transactions. Advances in cryptography have stimulated new nondefense
  applications of the technology.

• Federal standards and guidelines have a leveraging effect on the
  private sector, especially in areas related to cryptography.

• It is not clear how motivated the nondefense private sector will be
  to use some safeguards, such as secure telephones or trusted
  computers, particularly if these are not easy to use and
  cost-effective in business applications.


INTRODUCTION 


The preceding chapters illustrate the various vulnerabilities of
computer and communications systems and the range of technologies that
are becoming available to safeguard information in these systems. They
also introduce the notion of a spectrum of adversaries, differing
widely in available resources (time, money, equipment, and specialized
knowledge), against whom these systems may need to be protected. This
chapter examines the perceived needs of various users—defense and
civilian agencies of the Federal Government, financial and other
private sector users—as indicated by the actions they are taking to
safeguard their domestic and international operations. It also points
out some of the diversity in their perceived needs for safeguards, both
among users in the private sector and, particularly, between users in
intelligence agencies and others.

The level of users' activity toward safeguarding electronic information
is growing. Various factors are contributing to this interest. These
factors range from wanting to improve business operations, including
the reduction of potential theft and human errors, to streamlining
business transactions and adhering to industry standards of due care
and, in some cases, to requirements imposed by emerging Federal
policies. Federal policies, for example, will influence the actions of
some banks and defense contractors. No individual factor is recognized
as singularly prominent in driving the use of safeguards.

Instead, business uses of electronic safe¬ 
guards are in a transition phase as users con¬ 
tinue to define their needs and as technical 
standards are developed, and as Federal pol¬ 
icies and agency roles stabilize further. A num¬ 
ber of factors have complicated the situation, 
however. Among these is the question of the 
influence of the National Bureau of Standards 
or the National Security Agency in setting 
standards for information security safeguards, 
and users' perceptions of the prospective reach 
of Federal policies requiring safeguards for un¬ 
classified information. (Seech. 6.) 

One important turning point appears to have 
been reached in that users are now better able 
to distinguish between the protections pro¬ 
vided, or not provided, by different forms of 
safeguards and their alignment with specific 
needs. Users tend to be concerned with one or 
more of three main objectives in seeking infor¬ 
mation safeguards: preventing unauthorized 
disclosure; maintaining the integrity of elec¬ 
tronic information; and ensuring continuity of 
service. The needs of different communities of 
users vary widely and these needs are often 
critical for one of these objectives and less im¬ 
portant, or nonexistent, for others. For some 
users there is concern for all three objectives. 

In spite of the difficulty in distinguishing 
between users according to their objectives for 
information security, some cautious observa¬ 
tions can be made. One of these is that a criti¬ 
cal need for some users, such as intelligence 
agencies, is to prevent unauthorized disclosure. 


Most businesses and civilian agencies are par¬ 
ticularly dependent on the integrity of certain 
of their electronic information, and many of 
these are also concerned about unauthorized 
disclosure. And, for some users, such as those 
responsible for public safety (air traffic con¬ 
trol) and many financial services, there is an 
important, if not critical, need for continuity 
of service. Observations concerning users' ob¬ 
jectives are important because Federal policy 
that is misaligned with users' needs can create 
significant tensions. 

Government agencies' and private sector 
needs for information security include capabilities
for authenticating the origin and integrity
of messages, and for verifying the identities
and authorizations of system users. The
Department of the Treasury and the Federal 
Reserve System, for example, electronically 
transfer huge amounts of money every work¬ 
ing day and, with commercial banks, are pro¬ 
viding leadership in developing and using safe¬ 
guards with these types of capabilities. 

Users' needs for safeguards are by no means
confined to the financial community. The use 
of safeguards for securing electronic informa¬ 
tion is being adopted by users in industries 
ranging from automobile manufacturing to 
grocery businesses. However, private sector 
needs and Government national security con¬ 
cerns are not identical. They differ in their 
perceptions of the levels of adversaries, the con¬ 
sequences of exploitation, and their organiza¬ 
tional motivations and decision rules for pro¬ 
tecting information and investing in safeguard 
technology.¹

In addition, private sector demand for safe¬ 
guards is growing, as is its ability to produce 
them, as noted in chapter 4. Users tend to make 
selected use of a broader range of new tech¬ 
nologies for safeguarding information that 
prove cost-effective or are otherwise important 
for business reasons. Interestingly, many of 
the emerging commercial uses of message integrity
(authentication) techniques, e.g., for
cost-reduction purposes, make use of the same
cryptographic techniques used to improve the
confidentiality of electronic information. Often,
however, the commercial motivations for employing
these techniques are unconcerned with
preventing unauthorized information disclosure
or protecting national security.

¹Administrative and technical safeguards, as well as
organizational policies for information safeguards, are also
important for safeguarding electronic information, as noted in ch. 4.

What emerges is a sense that although gener¬ 
alizations of aggregate users' needs are use¬ 
ful, individual users tend to have significant 
diversity among them. Even within one user 
community, such as the banking industry, 
there can be considerable diversity of needs, 
depending on size, location, operations, clients, 
and numbers of branches and correspondents. 

This diversity of needs raises questions with 
regard to the proper role of the Federal Gov¬ 
ernment in meeting private sector needs and 
the extent to which any one Federal agency 
can reasonably be expected to meet the safe¬ 
guard needs of all users. Such a task would 
require an agency to interact openly and con¬ 
tinually with a diverse public. The intensity 
and openness of interaction would require sig¬ 
nificant adaptation in the operations of an 
agency such as DoD's National Security Agency 
(NSA).² Without a full appreciation of users'
needs, there is significant risk of premature
or "off-target" technology standardization or
imposing DoD restrictions that are unacceptable
to users. At the same time, safeguards
that do not meet users' needs—even those that
are federally imposed—are not likely to be applied
widely and may distort market forces.

The users themselves are also likely to be 
important in shaping information safeguards. 
The influence of major international business 
users on information security standards is only 
beginning to be felt, but is likely to be signifi¬ 
cant in the long term. These users can be ex¬ 
pected to demand safeguards that integrate 
well into their business operations in terms, 
for example, of being inexpensive, exportable, 
interoperable, and politically acceptable in the
many countries in which the firms do business.
Their influence is already beginning to be felt
through communities of industry users, such
as international banking, transportation, and
manufacturing.

²See, for example, "'Advice Most Needed . . .' The Assessment
and Advice Effort," Deborah M. Claxton, DoD. Presented
at the Ninth National Computer Security Conference,
Gaithersburg, MD, Sept. 18, 1986.

OTA analyzed survey data to gain insights 
into the influence of Federal policies and stand¬ 
ards on users' and vendors' actions. Although 
the effects of National Security Decision Direc¬ 
tive 145 (NSDD-145), issued in 1984, were still 
evolving, there were indications, as of late 
1986, that the impact of this policy had not 
been widely felt on nongovernment users' ac¬ 
tions. For example, about three-fourths of the 
nongovernment respondents to an OTA survey
question, and 46 percent of the nongovernment
respondents to a separate Ernst & Whinney
survey, indicated that this policy had no
impact on their organizations' actions toward
safeguarding unclassified information.³

Moreover, OTA's research has found that
some large firms feel that, in general, Federal
guidelines and assistance programs have not
significantly or directly contributed to their
information security efforts.⁴ Moreover, data
from Ernst & Whinney's computer security
survey in 1986 shows that, of 474 respondents,
two-thirds said that none of their organization's
information and computer security expertise
came directly from Government-sponsored
assistance programs, conferences, or
training programs. On average, according to
estimates by both government and nongovernment
respondents, only 7 percent of their organizations'
information and computer security
expertise came directly from government
programs.⁵

³Of 26 computer audit directors from Fortune 100 firms surveyed
for OTA in October 1986, Ernst & Whinney found that
17 individuals (74 percent of the 23 answering this question)
said that NSDD-145 had had "no" impact on their firms' safeguarding
of unclassified information, four said NSDD-145 had
had "very little" impact, and two said the directive had had
"some" impact.

Results are reported in OTA contractor report, "OTA Computer
Security Survey," Ernst & Whinney, Nov. 7, 1986. Ernst
& Whinney included many questions from the OTA survey in
a survey it conducted at the Computer Security Institute Conference
in November 1986. The raw data from this Ernst &
Whinney survey indicated that, of 364 nongovernment respondents,
46% said that NSDD-145 had had "no" impact, 27% "very
little" impact, 21% "some" impact, and 6% "great" impact (see
table 9). Ernst & Whinney has permitted OTA to use the raw
data from this survey.

⁴OTA survey, October 1986, op. cit.

Vendors of information security products are 
especially, and understandably, sensitive to 
Government policies and standards that influ¬ 
ence the use and choice of safeguards among 
Government agencies and businesses. The rela¬ 
tively small markets for many types of safe¬ 
guards make any influences on consumption 
of these products particularly important. 

The following sections examine the range of 
users' motivations for using safeguard tech¬ 
nologies to protect unclassified information 
and spotlight what users are doing to meet 
their objectives. They illustrate some of the 
main objectives of users for safeguarding electronic
information, ranging from national security
to economic self-interest and the need to
comply with established business practices.

⁵This data is from Ernst & Whinney's survey administered
at the Computer Security Institute Conference on Nov. 17-20,
1986.

For the purposes of this report, user objec¬ 
tives and actions are grouped into two cate¬ 
gories: 

1. those related to national security, which 
include a number of Federal agency ac¬ 
tions; and 

2. other Government and private sector ac¬ 
tions not directly related to national 
security. 

The latter category includes Federal agency 
actions to protect financial transactions. At¬ 
tention often focuses on cryptography because 
it is central to many powerful safeguard tech¬ 
niques and because the course of technologi¬ 
cal development in cryptography-based safe¬ 
guards has been so tightly meshed with Federal 
policies. 


NATIONAL SECURITY OBJECTIVES AND PROGRAMS 


Background 

Traditionally, national security objectives 
have guided the development and use of effec¬ 
tive information security techniques. DoD has 
been responsible for safeguarding classified in¬ 
formation transmitted, stored, or processed in 
communications and computer systems. Re¬ 
cently, through NSDD-145, DoD's authority 
has been expanded to include protecting sys¬ 
tems containing certain unclassified informa¬ 
tion in civilian agencies and the private sec¬ 
tor. (See ch. 6.) This includes Government and 
Government-derived economic, human, finan¬ 
cial, technological, and law enforcement infor¬ 
mation, as well as personal or proprietary infor¬ 
mation provided to the Federal Government. 

Federal Telecommunications Protection 
Programs 

Most Federal agencies have adopted some 
policy to protect the security of the information
they collect. Issues relating to the security
of Federal information systems were examined
in an earlier OTA report, Federal
Government Information Technology: Management,
Security, and Congressional Oversight.⁶
This section describes selected programs
to protect information systems.⁷

Commercial Carrier Protection Program.- 
This program, begun prior to the issuance of 
Presidential Directive/National Security Coun¬ 
cil 24 (PD/NSC-24), involves the Nation's ma¬ 
jor telecommunications carriers. In late 1977, 
The New York Times, among other newspapers,
reported that President Carter had approved
a broad protection program that included routing
nearly all Government telephone messages
in three cities (Washington, D.C., New York,
and San Francisco) through underground cable
rather than over more vulnerable radio circuits.⁸
At the same time, research was accelerated
to improve telephone security with
the long-haul, terrestrial commercial carriers.
As a result, entire radio channels are now protected
between switching stations in the three
cities. After the technology was developed to
protect the microwave radio systems, the Government
began to require protected service in
civil and defense agencies' communications
procurements. (See ch. 6 for a description of
the evolution of these communications security
programs.)

⁶OTA-CIT-297, February 1986. Chapter 4 of this report surveys
the security of unclassified information systems within
the Federal Government.

⁷Part of this section is based on material taken from chapter
IV of OTA contractor report, "Vulnerabilities of Public
Telecommunications Systems to Unauthorized Access," Information
Security, Inc., November 1986.

Currently, 450 microwave radio channels car¬ 
rying more than 1 million voice and data cir¬ 
cuits are protected. More than 1 million sensi¬ 
tive telephone calls are protected each day and 
NSA expects that almost 2 million circuits will 
be protected in 1988. Although this program 
was prompted by defense concerns for safe¬ 
guarding DoD contractor communications, de¬ 
fense and non-defense protection requirements 
were aggregated for efficient bulk or network-level
protection.⁹

Secure Voice Programs.-As reported by The
New York Times in late 1977, the Executive
Secure Voice Network program was initiated
to provide 100 selected Government executives
and surveillance targets¹⁰ with a total of 250
secure voice terminals at a cost of $35,000 each.
The equipment, intended to secure classified
information up to Top Secret Compartmented,
used narrowband, dial-up telephone lines. It
had a mode for automatic keying based on
secure distribution of the classified cryptographic
key from a secure (electronic) key distribution
center. NSA funded deployment of
the network.¹¹


⁸"Carter Approves Plan to Combat Phones by Other Nations,"
New York Times, Nov. 20, 1977, p. 34.

⁹Harold E. Daniels, NSA S-0033, Feb. 12, 1987, p. 2 of Enclosure 3.

¹⁰Information Security, Inc., "Vulnerabilities of Public Telecommunications
Systems to Unauthorized Access," OTA contractor
report, reference 12, November 1986.

¹¹NSA S-0033, op. cit., p. 2 of Enclosure 3.


A successor, the Secure Telephone Unit II
(STU-II), was developed by NSA in the early
1980s for protecting classified information up
to Top Secret Compartmented, depending on
the classification of the cryptographic key. The
STU-II program also implemented a secure key
distribution center.¹² STU-II phones, which
cost about $12,000 each, operate over ordinary
telephone circuits and could be purchased until
December 1986. The General Services Administration
(GSA) was made system manager
to support the purchase, operation, and maintenance
of more than 3,000 STU-II phones by
civilian agencies, according to NSA.¹³

The new STU-III program was announced
by NSA in March 1985, subsequent to NSDD-145.
STU-III units will be produced for use by
Federal agencies, Government contractors,
and certain other private sector firms. NSA,
which will manage the cryptographic keys,
plans to produce 500,000 phones at $2,000
each. As of late 1986, orders for 49,640 units
(to be delivered in late 1987) had been placed,
with options for additional units. The average
unit price was $3,827. As of January 1987,
37,116 of the initial orders were for defense
agencies and 9,675 for nondefense agencies.
About 200 STU-III phones had been ordered
by Government contractors.¹⁴ The STU-III
program is discussed in more detail later in this
chapter.


¹²In the STU-II Program, key distribution for the civil agencies
is handled by GSA Key Distribution Centers. GSA is the
overall Government manager for the Federal Secure Telephone
System (STU-II phones), serving some 65 to 70 agencies and
managing their STU-II installations, maintenance, system management,
and procurement. In the successor STU-III Program,
the NSA will do all keying through the NSA Key Management
Center. Source: Discussion between OTA staff and GSA Special
Programs Division and Electronic Services Division staff,
Oct. 8, 1986. The STU-III phones will be procured commercially;
plans for maintenance and servicing have not yet been announced.

Under the FSTS Systems Manager charter from NSA, GSA
supports FSTS operations governmentwide, including operating
the FSTS Key Distribution Centers (KDCs). It serves users
in the defense and civil agencies, as well as some private consultants
to the Government. Source: Harold E. Daniels, Jr., NSA
S-0033-87, Feb. 12, 1987, p. 3 of Enclosure 3.

¹³NSA continues to provide a portion of the cost to sustain
GSA's systems manager responsibilities.

¹⁴NSA S-0033-87, op. cit.
Government Procurements

GSA issued the first public competitive
procurement for private line protected service
between Washington, D.C. and San Francisco
in 1980. This set the precedent for numerous
subsequent procurements, particularly
in having the carriers provide protection. A
turnkey system was provided by RCA American
with integrated protection for about a
5-percent cost premium over the unprotected
service. The 5-year contract cost about $15 million
to protect 312 circuits.

More recently, the Defense Communications
Agency (DCA) awarded a major contract to
AT&T for a nationwide, all-digital service
called the Defense Commercial Telecommunications
Network (DCTN). The 10-year, $1-billion
program provides optional encrypted
service among 161 locations, with link encryptors
integrated into the carrier's earth stations.
DCTN is designed to be flexible enough to allow
for changes in technology and in customer
requirements over the 10-year period. It also
permits the use of video teleconferencing,
switched voice, Autovon, and a wide range of
data modes. DCA has also awarded a $100-million
contract to Hawaii Telephone for a secure
turnkey network called the OAHU Telephone
System.

The largest program to date is for GSA's 
Federal Telecommunications Service-2000 
(FTS-2000), a commercial communications 
service for Federal agencies.¹⁵ FTS-2000 will
eventually replace GSA's current long-distance 
telephone system, which has some 1.3 million 
subscribers who total 1.5 billion call-minutes 
per year. 

FTS-2000 differs from the current system 
in that it will procure telecommunications serv¬ 
ices rather than leased facilities. FTS-2000 in¬ 
cludes contractor-provided security features. 
GSA expects to award a contract by late 1987,
with services to begin in 1988 at an expected
first-year cost of $350 million. FTS-2000 is intended
to be compatible with the evolving all-digital
systems, generally referred to as the
Integrated Services Digital Network (ISDN).

¹⁵Information Securities, Inc., OTA contractor report, "Vulnerabilities
of Public Telecommunications Systems to Unauthorized
Access," November 1986, and OTA staff discussions with
GSA officials August 1986.

In its draft request for proposal, GSA required
four specific security features for FTS-2000.
The system has to:¹⁶

1. protect terrestrial radio systems in certain
geographic areas and the communications
links of any satellite system used to provide
services;

2. provide protection from loss, degradation, 
or alteration by intrusion for the portion 
of those databases and information proc¬ 
essing systems that are critical for con¬ 
tinued reliable operation; 

3. protect common channel signaling paths 
by NSA-endorsed encryption equipment 
or by other approved, nonencrypted forms 
of protection (e.g., fiber, cable); and 

4. provide the capability to encrypt the command
and control link of any spacecraft
launched after June 17, 1990.

FTS-2000 is expected to significantly affect
communications security in the private sector, 
according to National Security Agency offi¬ 
cials. It is expected to stimulate the develop¬ 
ment of link encryptors, protected services, 
signaling channel protection, and command- 
and-control encryption for satellites, thereby 
making these features more readily available 
to the private sector and at lower prices. 

Carrier Protection Services 

Microwave radio systems began to be used
to augment the existing AT&T cable infrastructure
in the 1950s. By the 1960s they had
become the dominant long-distance transmission
medium. New companies providing communications
services in the 1970s typically
installed microwave circuits or used new communication
satellite technology. In the 1980s,
optic fiber has become the favored medium for
new point-to-point circuits, while satellite is
still preferred for many broadcast applications.
(See ch. 3 for a discussion of the vulnerabilities
of these systems.)

¹⁶Information Securities, Inc., OTA contractor report, "Vulnerabilities
of Public Telecommunications Systems to Unauthorized
Access," November 1986, reference 19.

The protected services offered by the com¬ 
munications common carriers stem in large 
part from Government efforts in the 1970s to 
develop and install safeguards for microwave 
circuits. Satellite carriers also developed vari¬ 
ous means of encrypting transmissions relayed 
by their geostationary satellites. These efforts 
were sparked by Government encryption re¬ 
quirements and, in one instance, by anticipated 
commercial demand. Several major carriers are 
developing various additional services, includ¬ 
ing protected private-line services, microwave 
and satellite link encryption, and all-fiber
networks.

At present, the interexchange carriers have 
announced no plans to directly protect the pro¬ 
posed Integrated Services Digital Network. 
Standards for this future network have not 
been decided. Nor has it been determined 
whether U.S. or European designs will be used. 
A large number of switch and PBX manufacturers
are committed to providing ISDN-compatible
interfaces to their customers. Users
wishing to secure ISDN service can follow one
of two strategies: demand protection from each
carrier for the portion of the circuit provided
by that carrier (link protection) or encrypt their
own communications from end to end.¹⁷
End-to-end encryption would be under the user's
control, with the encryption taking place in the 
user's PBX, in the carrier's Centrex service, 
or at the ISDN interface. 

DoD Programs Under NSDD-145 

DoD Outreach Programs.-According to National
Security Decision Directive 145 (NSDD-145),
the Secretary of Defense is the executive
agent for telecommunications and information
systems security, with the national manager
being the Director of the National Security
Agency (NSA), as discussed in chapter 6.
Therefore, most programs initiated under
NSDD-145 are under the auspices of the National
Telecommunications and Information
Systems Security Committee (NTISSC), which
is chaired by an assistant secretary of defense.
According to NSA, the approach being taken
is to focus on the national interest in addressing
information security, and to develop integrated
and coordinated safeguards for classified
and unclassified information rather than
to segregate information security concerns into
defense and civilian needs. By developing integrated
standards for defense and civilian
agencies and for private sector use, NSA hopes
to lower the cost of safeguard products and,
thereby, increase their use.¹⁸ OTA was unable
to obtain an unclassified summary of all programs
initiated by DoD under NSDD-145.

¹⁷As of late 1986, DoD appeared to be favoring a link encryption
strategy. Commercial users, who do not have control over
the circuit infrastructure, may be more likely to choose end-to-end
encryption.

The following summarizes selected DoD programs
under NSDD-145 that affect civil agencies
and the private sector. It is based on materials
provided by NTISSC.¹⁹

• Civil Agency Customer Support: A branch
within the National Computer Security
Center (NCSC) was organized in 1986 to
provide services to civil agencies and departments,
including:

—onsite security enhancement reviews to
identify threats and vulnerabilities, and
provide recommendations for improvements;

—technical consultations and/or one-time
review visits (less detailed reviews);

—assistance in preparing proposals for
trusted computer system procurements;

—assistance in drafting security policies;
and

—briefings on computer security, NCSC,
and other related topics.

• Trusted Computer System Training: NSA
issued the Department of Defense Trusted
Computer Systems Evaluation Criteria,
also known as the "Orange Book," to all
Federal agencies and departments in November
1985 for consideration as a national
standard. To aid this review, NCSC
presented briefings and tutorials to more
than 70 Federal agencies.

• Special Assistant for Civil and Private
Sector Programs: To fulfill its obligations
under NSDD-145, NCSC, in the summer
of 1986, created a senior-level position for
a person to help define future directions
and strategies for NCSC interactions with
the civilian agencies and the private sector.

• Computer Security Training for Civil
Agencies: NCSC has organized and is giving
courses in computer security to Federal
employees of the civilian agencies. The
one-week courses are given twice a year
and are open to all Federal agencies. Also,
NCSC has initiated an annual computer
security training seminar to allow computer
security trainers throughout the
Federal Government to exchange information
on effective methods.

¹⁸Harold E. Daniels, Jr., NSA S-0040-87, Feb. 20, 1987, Enclosure A.

¹⁹Letter from Donald C. Latham to OTA, NTISSC-089/86,
Nov. 7, 1986.

Data Encryption Standard (DES) Endorsement
Program.-Launched by NSA in October
1982 (before NSDD-145), this program is designed
to test and endorse equipment using
DES to protect national security-related telecommunications
in compliance with Federal
Standard 1027.²⁰ Under the program, vendors
wishing to supply endorsed cryptographic
products for unclassified use by Government
agencies and contractors submit their DES
components (electronic devices) to the National
Bureau of Standards (NBS), which validates
the component's correct implementation of the
DES algorithm. NSA then determines whether
the product meets all other Federal requirements
for endorsement and certification.

By October 1986, 32 families of equipment
(17 voice, 14 data, and 1 file encryptor), totaling
some 400 models, had been formally endorsed.²¹
These products are available to protect unclassified
Government information and all levels
of sensitive private sector information.

²⁰"Telecommunications: General Security Requirements for
Equipment Using the Data Encryption Standard," Apr. 14,
1982.

²¹Information Security, Inc., "Vulnerabilities of Public Telecommunications
Systems to Unauthorized Access," OTA contractor
report, November 1986, ref 14.

NSA announced in 1986 that it would terminate
the DES Endorsement Program in
1988 in favor of the Commercial Communications
Security Endorsement Program (see below).²²
According to NSA, the change was a
result of several factors, including the fact that
DES has been a widely applied public algorithm
for 15 years and, as such, a worthwhile
target for adversaries. Therefore, NSA considers
it prudent for DES to be phased out over
time.²³

The announcement has led some users to infer
that DES is now unsound and, reportedly,
to delay adopting safeguards because of confusion
over the longevity of DES and the roles
of NSA and NBS in setting standards for cryptographic
algorithms.²⁴ In particular, the
American Bankers Association, which says
that the U.S. banking industry had already invested
years of work and several million dollars
in DES-based equipment, spent 16 months
(from October 1985 to February 1987) educating
NSA about their business needs. ABA
spokesmen have said that, "Our industry has
lost momentum in adopting improved security
technology, and it remains to be seen if we can
overcome the damage that has been done to
the perceived security of DES-based techniques."²⁵

Commercial Communications Security (COMSEC)
Development Programs.-One of NSA's
stated goals is to "make high-quality, low-cost
cryptography available to qualified communications
manufacturers for embedding in their
products."²⁶ According to NSA, "qualified"
manufacturers of such products must meet
four basic criteria.²⁷ These are:

1. The firm must not be under foreign ownership,
control, or influence, as prescribed
by the Defense Investigative Service
(DIS).

2. The firm must have or obtain a DIS facility
clearance because the cryptographic
design information is classified even
though the resultant products are not.

3. The product host in which the firm proposes
to embed cryptography must, in
NSA's estimation, make obvious market
sense.

4. The company must demonstrate that it
can produce products that meet or exceed
NSA's minimum standards of quality and
reliability.

²²According to NSA, DES products endorsed prior to Jan.
1, 1988 can be used indefinitely. Harold E. Daniels, NSA
S-0033-87, Feb. 12, 1987, p. 4 of Enclosure 3.

²³Harold E. Daniels, NSA S-0033-87, Feb. 12, 1987, p. 4 of
Enclosure 3.

²⁴Peter Hager: "NSA Plan to Replace DES Draws Criticism,"
Government Computer News, May 9, 1986. Cheryl W.
Helsing, Testimony on Behalf of the American Bankers Association
before the House Committee on Science, Space and Technology,
Feb. 26, 1987.

²⁵Ibid., Cheryl W. Helsing.

NSA has established two programs to 
achieve its goal: one to develop the host prod¬ 
ucts and the other to develop the embeddable 
cryptographic modules. The first, called the 
Commercial Communications Security En¬ 
dorsement Program (CCEP), is a "business 
method" partnership between NSA and U.S. 
firms to develop a variety of secure products, 
such as personal computers, radios, and local 
area networks. The approach pairs NSA's cryp¬ 
tographic expertise, as embodied in embedda¬ 
ble modules that implement secret NSA cryp¬ 
tographic algorithms, with vendors' investments 
to develop host products that incorporate the 
modules. According to NSA, the industry part¬ 
ner then sells a "value-added" product. As of 
November 1986, NSA had about 40 such partnerships
arranged through memoranda of understanding.²⁸
The first CCEP secure system
was available in 1986.²⁹

²⁶NSA Press Release for Development Center for Embedded
COMSEC Products, Jan. 10, 1986 (enclosure in letter from D.
Latham to OTA, Nov. 7, 1986).

²⁷Letter from Harry Daniels to OTA, Feb. 12, 1987, p. 5 of
Enclosure 3. According to NSA, these criteria are prudent and
not overly burdensome to potential participants. However, the
requirements for security clearances from the Defense Investigative
Services might be seen as burdensome by some firms,
especially smaller firms that do not ordinarily need them for
their personnel.

The second program is another joint NSA/industry
venture called the Development Center
for Embedded COMSEC Products
(DCECP). Eleven large U.S. corporations—Harris,
Motorola, RCA, Rockwell International,
Hughes Aircraft, GTE, AT&T Technologies,
IBM, Xerox, Intel, and Honeywell—have
joined with NSA to produce modules for
use in products to be developed for the commercial
COMSEC program. According to
NSA, these corporations were chosen based
on their expertise in making selected telecommunication
products. Each firm will manufacture
one or more types of the NSA modules
after NSA has evaluated and approved them.
Each manufacturer may embed its modules
within its own host equipment, a personal computer
or a secure telephone, for example, and/or
sell the modules to other "qualified" host
equipment manufacturers. Commercial divisions
in each corporation are assisting in the
design and review of the standard modules to
ensure that they can be used in a wide variety
of commercial equipment.³⁰

In addition to the list of endorsed DES
products mentioned above, NSA also maintains
lists of endorsed information security products
and potential products. The information
security products on these lists have been
evaluated and endorsed by NSA as having met
standards or requirements for use by the
Government and its contractors to protect
classified or unclassified, but sensitive information.
The endorsement certifies cryptographic
systems as having met NSA security
specifications for a specified level of security. Items on
their potential list are under development. As
of December 1, 1986, 14 firms and some 30
cryptographic products were on the endorsed
list; about 30 firms and products were on the
potential list.

"Commercial COMSEC Endorsement Program," enclosure
in letter to OTA from Donald Latham, Nov. 7, 1986.

Information Security, Inc., "Vulnerabilities of Public
Telecommunications Systems to Unauthorized Access," OTA
contractor report, November 1986, p. 38.

Ibid., and NSA S-0033-87, p. 6 of Enclosure 3.

Further, NSA lists computer systems,
software, or components that have been evaluated
according to DoD's evaluation criteria for
trusted computer systems. NSA also lists
companies that provide communications
encryption services and equipment evaluated
according to the National TEMPEST Standard
(NACSIM 5100A).

Standard NSA Product Line of Cryptographic
Modules.-The "modules" being developed
under the DCECP are sets of integrated circuits
or printed wiring boards incorporating these
"chip sets." According to NSA, each module
is a general-purpose cryptographic device for
digital data. The standard modules are designed
to be transparent to the user, with a flexible,
microprocessor-compatible interface and control
structure. The standard module approach is
intended by NSA to foster development of
interoperable secure systems, using well-defined
interfaces and common design features
throughout the family of standard modules.

In its announcement for the standard Type
1 product line intended for classified digital
information, NSA noted such additional
features as tamper resistance, electronic and/or
over-the-air re-keying, and enhanced
transmission-error detection. There are four Type 1
modules, for classified applications in three
general bandwidths. There also will be three
Type 2 modules, intended for unclassified, but
sensitive applications.

Names, specifications, and applications of 
the Type 1 modules are as follows: 

• WINDSTER: Data rate up to 200 kb/s;
9 cryptographic modes; suitable for
handheld radios, pocket pagers, and telephones.
(Note: A lower performance module called
INDICTOR is also available.)

• TEPACHE: Data rate up to 10 Mb/s; 6
cryptographic modes; suitable for
minicomputers, modems, local area networks,
and word processors.

• FORESEE: Data rate up to 20 Mb/s; 7
cryptographic modes; suitable for
satellite links, microwave links, fiber optic
links, and mainframe computers.

the Shelf Information Security Products: A Family of
User-Friendly Modules for Embedding Within a Wide Range
of Telecommunication Systems, NSA; enclosure to letter from
D. Latham to OTA, Nov. 7, 1986.

Type 2 modules, which will be available at
an unspecified future date, have been given
the names EDGE SHOT (same data rate as
WINDSTER), BULLETPROOF (same data
rate as TEPACHE), and BRUSHSTROKE
(same data rate as FORESEE). Types 1 and
2 modules are intended to be interoperable
within each bandwidth. NSA plans to key
Type 1 modules through a secure key
management system. It is not clear whether private
firms that choose to use Type 2 modules will
be able to control key generation independently
of NSA.

NSA notes that the modules are designed
to perform more system security functions
than if they contained just a "naked" key
generator chip and to leave fewer security
functions for the host vendor to add on. However,
to accommodate a wider range of commercial
host products, NSA has an alternative
commercial Type 2 "naked" key generator chip
available to potential host vendors. Type 2
modules will be made available to qualified
firms that have a memorandum of
understanding with NSA, to firms under contract with
NSA or other Government agencies to develop
a cryptographic product, to Government
agencies doing cryptographic development, and to
certain other firms approved on a case-by-case
basis.

Some users have expressed concerns that the
embedded cryptography will not be readily
compatible with their existing equipment and
operations, and others note that the change
is damaging to manufacturers of DES
equipment. To ease the transition, NSA had offered
to work with manufacturers of the Data
Encryption Standard (DES) components and
develop pin-for-pin replaceable circuits using the
new NSA algorithms, so that equipment
manufacturers' investments in product designs
would not be lost. According to NSA, none of
the DES component manufacturers expressed
interest in this plan.

Information on Type 1 and Type 2 modules was provided
by NSA at a meeting of the IEEE Subcommittee on Privacy,
June 18, 1986.

Harold E. Daniels, Jr., NSA S-0033-87, Feb. 12, 1987, pp.
8-9 of Enclosure 3.

STU-III Program.-NSA initiated the Secure
Telephone Unit III (STU-III) program in 1984
to develop a new generation of secure telephone
equipment using classified NSA algorithms
(but not the standard modules being developed
under the DCECP program). NSA intends that
the STU-III program serve all Government
agencies and private companies that require
telephone security. NSA-sponsored studies
have estimated a market for 2 million units,
with DoD being the largest single buyer.
Market studies by vendors also indicate potential
sales of 1 million to 2 million units to the
private sector, although these conclusions are
admitted to be soft. According to NSA, the
STU-III program will feature the capability
for multilevel security, availability of Type 2
units to the private sector, and
interoperability among all STU-III users. This will make
the units attractive to a broad range of
Government and private sector users.

The first production contracts were awarded
in July 1986 to three vendors—AT&T, RCA,
and Motorola. They are authorized to market
their Type 2 product directly to the private
sector. The 2-year, fixed-price contracts totaled
about $190 million for 49,640 units. (See
section above on Secure Voice Programs.)

NSA reports that the STU-III vendors still
consider the government-contractor and other
segments of the private sector market to be
"embryonic," in that customers have
expressed interest but are waiting to see the
product. Sample Type 2 units will be available in
1987, at which time vendors are expected to
begin more active marketing efforts.
According to NSA, Type 2 units could be delivered
to private sector customers beginning in
January 1988. The production contracts contain
an add-on option allowing additional STU-IIIs
(see above) to be produced at a reduced unit
cost, in the $2,400 to $2,600 range.

Harold E. Daniels, NSA S-0033-87, Feb. 12, 1987, p. 4 of
Enclosure 3.

"STU-III Program Status," enclosure in letter from D.
Latham to OTA, Nov. 7, 1986.

Almost all of the current order was for Type
1 units intended for classified uses, but 300
Type 2 units for unclassified, but sensitive
information were also included in the initial
contract. NSA will be the source of all
cryptographic keys for the STU-III phones, including
those purchased by private sector users. For
the Type 2 phones, users will be able to
establish their own internal procedures for key
management, except key generation. Type 2 users
within the Government will obtain their keys
directly from NSA; private sector users will
order keys from NSA via their STU-III
vendors.

The Secure Data Network System.-The
Secure Data Network System (SDNS) project
seeks to design an architecture for secure
computer networks. The project will provide a
security architecture design for networks that
transmit digital data between computers. The
project, certain aspects of which are currently
classified, is sponsored by NSA and includes
participation by NBS, the Defense
Communications Agency, and about a dozen computer
and communications vendors.

SDNS is intended to support both classified
and unclassified applications. The system will
provide confidentiality, data integrity,
message authentication, and access control
services. The services and standards for them are
being designed to be compatible with those
being developed by the International
Organization for Standardization (ISO). Currently, the
project is in the prototype development stage.
Hardware is being developed and tested for
performance, interoperability, and
conformance with ISO standards.

NSA response to OTA questions on STU-III: NSA S-0033-87,
Enclosure 1, Feb. 12, 1987.

Ibid.
Encryption capabilities will be provided with
two different NSA-supplied algorithms, both
of which will remain classified. A Type 1
algorithm will be used for encrypting classified
information and a Type 2 will be used for
unclassified but sensitive information.

Raising Private Sector Awareness.-The
Federal Communications Commission (FCC) is
taking steps to alert the private sector to the
vulnerabilities of communications systems. The
FCC recently issued for NSA a public notice
advising licensees and users that "the Nation's
telecommunications systems, particularly
those involving terrestrial microwave
transmission media and satellites, are extremely
vulnerable to unauthorized access." This
notice, which also applies to telecommunications
services or equipment that bypass
public-switched services, encourages concerned users
to seek assistance from NSA in "identifying
approved devices for the protection of
sensitive, but unclassified, national security-related
communications (Government or
nongovernment)."

Implications of Merging Defense, Civilian Agency, and Private Sector Requirements

Advocates of combining security standards
for unclassified information and guidelines for
Government agencies with those for the
private sector argue that aggregating markets
will permit manufacturers to enjoy production
economies and result in lower prices for
safeguard products. Moreover, some feel that the
current markets for computer and
communications safeguards, particularly for trusted
operating systems and cryptographic
products, are "fragile." They argue that one
coordinated set of Federal standards is needed to
encourage and strengthen these markets. Critics
of the present approach of National Security
Agency (NSA) standards development and
product certification see these as not fully
responsive to current and evolving defense,
civilian, and business needs.

Federal Communications Commission, Security and
Privacy of Telecommunications, Public Notice 6970, Sept. 17, 1986.

FCC Public Notice 6970, Sept. 17, 1986.

There is some early evidence that NSA has
already begun to encounter difficulty in
satisfying the diverse needs of the private sector,
beginning with the banking industry. (See ch.
6.) Moreover, NSA's controlling role may raise
barriers to market entry by new vendors. At
a more fundamental level, NSA's national
security and signals intelligence interests in
controlling encryption technology appear in tension
with its new role in developing and
disseminating safeguard technologies and products.
(See below and ch. 7.)

Possible Barriers to Market Entry.-Only
"qualified" manufacturers meeting the NSA
criteria noted earlier will have access to
NSA-designed and endorsed standard cryptographic
modules. Moreover, there will be
accountability requirements for all modules and, even
though the hardware modules themselves will
be both unclassified and tamperproof to
prevent reverse engineering, NSA may place
restrictions on their export. (See below.)

The embeddable modules are being produced
by the 11 large electronics firms mentioned
above, NSA's "industry partners." Because
of the limited number of these firms and
because they will most likely also produce host
products incorporating the modules (for the
Commercial Communications Security
Endorsement program), some prospective
entrants into the host product market have
expressed concern that competition in this
potentially lucrative market will be essentially
limited to firms already participating in the
module program. Faced with the prospect of
purchasing the embeddable modules from
large, vertically integrated competitors, some
prospective entrants fear that NSA's tight
controls on its commercial programs will limit
competition.

NSA, on the other hand, does not consider
the qualification criteria particularly
burdensome, but, rather, reasonable. For instance,
NSA notes that there are over 13,000 Defense
Investigative Service cleared facilities in the
United States and that cryptographic design
information is classified with access limited to
U.S. entities in accordance with prudent
overall security considerations. Similarly, NSA
considers that decisions about the quality and
market criteria will be fairly executed, with
ample opportunity for vendors and potential
vendors to present their cases. According to NSA,
host vendor participation in the CCEP
program has already exceeded participation in the
DES Endorsement Program.

As to competition in the host product
market, NSA's stated intent is to make the
Development Center for Embedded
Communications Security Products (DCECP) modules
competitively available to host manufacturers.
All 11 of the DCECP module vendors have
access to both Types 1 and 2 design
documentation and, according to NSA, it is a vendor
decision as to which module(s) to fabricate and
produce. The Government owns the designs
and NSA has stated that, should a particular
module not be chosen by any of the 11
manufacturers for fabrication and production, or
should there not be competitive sources for a
given module, then the agency will seek
additional sources for the modules. NSA also notes
that, in order to achieve scale economies,
competitors may sell to each other, a practice that
is common in the electronics industry.

DoD Control of Encryption Technology.-
NSA sees its signals intelligence mission to
be at risk if effective cryptography were
available worldwide. As a result, NSA faces
tensions between its missions of encouraging
domestic use of effective encryption and other
safeguards while controlling the transfer of
encryption technology overseas. Thus, its
strategies to improve the availability of safeguards
for use by U.S. nondefense Government
agencies and businesses also include controls on the
dissemination of such products and technical
data, some of which have already begun to
cause new tensions with the private sector.

Harold E. Daniels, Jr., NSA S-0033-87, Feb. 12, 1987, pp.
8-9 of Enclosure 2; p. 5 of Enclosure 3.

Ibid., pp. X-IO of Enclosure 2.


Cryptographic hardware and software are
controlled by bilateral agreements and by
patent and export control legislation and
regulations, including the Export Administration
Regulations, the Invention Secrecy Act (35
U.S.C. 181 et seq.), and the International
Traffic in Arms Regulations (ITAR), as
discussed in chapter 6. All equipment and
systems based on DES, including those for
automatic data processing file security and
message authentication for electronic fund
transfers, are included on the ITAR Munitions
List and fall under the jurisdiction of the
Department of State's Office of Munitions
Control (OMC). OMC licensing agreements are
coordinated with NSA.

The exportability of cryptographic
safeguards is an important consideration for many
businesses that have overseas correspondents
or subsidiaries. Prominent among these is the
banking industry, which has spent some years
developing techniques and standards for
transaction authentication and confidentiality.
These are based on DES, which can be licensed
for export and use abroad. When NSA
announced its planned replacement of DES with
secret (CCEP) algorithms, bankers and the
American Bankers Association (ABA) became
concerned that the CCEP algorithms and
modules could not be used by the financial
industry as a substitute for DES. For one thing,
reliance on one or a few algorithms would be
unacceptable for use in some foreign countries
or banks, even if NSA would permit their use
abroad. Also, according to the initial NSA
announcement, the (Type 2) modules may not be
used internationally or placed in equipment for
use by non-U.S. entities.

Finally, the bankers found the prospect of
NSA retaining control of the cryptographic
keys to be an unacceptable transfer of bank
responsibility to a Government agency. As of
mid-1987, NSA and ABA were still
discussing whether NSA would provide an acceptable
exportable module for use overseas to
authenticate financial transactions. In mid-February
1987, NSA and ABA reached agreement that
NSA would continue to support the financial
industry's use of DES-based technology until
an acceptable replacement is available.

Multilaterally agreed upon export controls are determined
through an international coordinating committee (COCOM)
whose membership includes representatives of the United States
and 13 U.S. allies.

M. Smaldone, Office of Munitions Control, personal
communication with OTA staff, Sept. 24, 1986.

NSA appears to be reconsidering the
exportability issue for Type 2 modules. In February
1987, in response to a question from OTA,
NSA officials stated that:

The NSA desires that host products
employing Type 2 modules be usable by U.S. entities
outside the U.S. For example, a U.S. firm
operating in Europe should be able to purchase and
use a Type 2 product, or a foreign subsidiary
should be able to use a Type 2 product as long
as ownership was maintained by a U.S. entity.
Use by foreign firms or individuals, when it
is in the U.S. interests for interoperability is
possible, depending on the country involved
and inter-country agreements.

The various NSA outreach and industry
partnership activities seem tailored to the
agency's dual missions of encouraging the use
of safeguards while controlling the spread of
cryptographic and cryptanalytic expertise. For
the former, NSA uses site visits, briefings,
exchanges of personnel and information, and
product evaluation and endorsement in
addition to written standards and guidelines. For
the latter, NSA makes cryptographic hardware
and interface specifications generally available
to host equipment vendors and users, without
broadly transferring expertise in
cryptographic design and cryptanalysis. For
instance, it is unclear whether even the 11
module manufacturers know all the cryptologic
criteria used by NSA in developing the
algorithms, although NSA gives them the
design information and expertise needed to
manufacture the hardware that implements the
algorithms.

Cheryl W. Helsing, Testimony on Behalf of the American
Banking Association before the House Committee on Science,
Space, and Technology, Feb. 26, 1987.

Op. cit., Harold E. Daniels, Jr., NSA S-0033-87, p. 10 of
Enclosure 2.


In contrast, the DES standard as
promulgated is public information, not limited to
specific manufacturers and vendors, and provides
more visibility into the algorithm itself. The
fact that the algorithm was published made
possible independent evaluations of its
robustness, as well as (unvalidated) software
implementations, thereby contributing to private
sector capabilities in commercially useful
cryptography.

On the other hand, NSA believes that
assertions to the effect that current policies and the
DCECP and CCEP programs limit
competition and stifle private sector innovations and
development are unsupported. According to
NSA officials, the agency is actively
encouraging private sector innovation and the
development of information safeguards for business
needs. For example, NSA cites the CCEP
program, in which prospective host product
vendors determine which products to produce
based on their assessments of market needs.

Moreover, part of the rationale for NSA's
approach is to use interfirm competition to
drive down the cost of information security
products like the STU-III phones. NSA and
the rest of DoD have been concerned that
relatively high costs have limited their use within
DoD and elsewhere. The resulting small
market was not attractive to producers. By
making information security products more
affordable, NSA hopes to increase their availability
and use. In achieving this, according to NSA,
"technological competitiveness is the goal in
driving costs down versus cryptographic
competitiveness which does nothing for cost and
can have a deleterious effect on national
security."

Technology Development and
Dissemination.-After a number of DoD-sponsored
studies and demonstration projects during the
1970s to address technical problems associated
with controlling the flow of classified and other
information in multiuser computer systems,
the DoD Computer Security Initiative was
started in 1977. Concurrently, the National
Bureau of Standards (NBS) began to define the
construction, evaluation, and auditing of
secure computer systems. As an outgrowth of
recommendations from a 1978 NBS workshop
paper on criteria for evaluating technical
computer security effectiveness, and in support of
the DoD Computer Security Initiative, the
MITRE Corp. began to develop a set of
criteria for assessing the level of trust that could
be placed in a computer system to protect
classified data.

Harold E. Daniels, Jr., NSA S-0040-87, Feb. 20, 1987,
Enclosures D and E.

In 1981, the DoD Computer Security
Evaluation Center was established to continue the
work started under the DoD Computer
Security Initiative. The center, located within NSA,
was renamed the National Computer Security
Center after its responsibilities were expanded
by National Security Decision Directive 145
(NSDD-145).

The National Computer Security Center
(NCSC) developed the "Orange Book" criteria
for evaluating multilevel security in
commercial computer systems. The original criteria
were published as the Department of Defense
Trusted Computer System Evaluation Criteria
(CSC-STD-001-83, August 15, 1983). A
derivative but slightly different document was later
published as DoD 5200.28-STD in December
1985. The Orange Book criteria evolved from
the earlier NBS and MITRE work. NCSC
has also released "Yellow Books" that help
users apply the comprehensive Orange Book
criteria to specific computer facilities.

The criteria specify four divisions, ranging
from Division D (minimal protection) up
through Divisions C (discretionary protection)
and B (mandatory protection), to the most
comprehensive Division A (verified protection).
Each division represents an improvement in
the overall confidence that can be placed in the
system to protect information. Within
divisions C and B, security classes such as C1, C2
or B1, B2, and B3 correspond to progressively
stronger security features.

From information on the history of the Orange Book
criteria contained in DoD 5200.28-STD, which provides a more
detailed history and rationale for the trusted computer system
evaluation criteria.

DoD Computer Security Center: "Computer Security
Requirements: Guidance for Applying the DoD Trusted Computer
System Evaluation Criteria in Specific Environments
(CSC-STD-003-85)," June 25, 1985; and "Technical Rationale Behind
CSC-STD-003-85: Computer Security Requirements
(CSC-STD-004-85)," June 25, 1985.

NSA produces a number of computer
security documents ranging from trusted operating
systems (the "Orange" and "Yellow Books")
to forthcoming criteria for trusted computer
networks and data bases. Some users
apparently have reported difficulties in
interpreting the Orange Book criteria at the higher
protection levels; as one response to this, NSA
has developed a rules-based expert system
available to guide users through the Yellow
Books.

The Orange Book criteria have been adopted
as a DoD standard (DoD 5200.28-STD,
December 1985), and therefore these security
requirements must be included in specifications for
new systems being developed by DoD.
However, the question of whether the Orange Book
criteria and evaluated products program will
best serve the unclassified, but sensitive
information security needs of civil agencies and
the private sector is being debated within the
computer-security community, especially
outside NSA. (See the section below on differences
between military and commercial models of
security.) As of May 1987, the NCSC's
Evaluated Products List reported security class
ratings according to the Orange Book criteria for
8 products, and about 20 more products were
being evaluated.

Presentation by P. Gallagher of NSA at an IEEE
Subcommittee on Privacy meeting at George Washington University
in Washington, D.C., Nov. 13, 1986.

Some information on the evaluated products program was
contained in a letter from Harold E. Daniels, Jr., NSA
S-0033-87, Feb. 12, 1987, p. 7 of Enclosure 2. See also: National
Computer Security Center, Evaluated Products List for Trusted
Computer Systems, Dec. 1, 1986 (updated May 31, 1987).
OBJECTIVES AND PROGRAMS UNRELATED TO
NATIONAL SECURITY


Background 

As part of this study, OTA surveyed the
data and information security procedures,
policies, and practices of large U.S. corporations.
The survey also tried to determine the extent
to which these firms are aware of
Government-sponsored assistance and whether they have
been affected by National Security Decision
Directive 145.

The survey was self-administered at an
October 1986 meeting of Palmer Associates, a
group of computer audit directors of Fortune
100 companies. Questionnaires were completed
by all 26 people present, a sample that is far
too small to be representative of U.S.
industry at large or for statistical generalizations.

Nevertheless, the results are of value for two
major reasons. First, they illustrate the
perceptions of some knowledgeable corporate
leaders about security needs and practices.
Second, the vast majority of the respondents were
from nondefense companies (92 percent, with
42 percent from banking alone), while most of
NSA's experience with the private sector has
been with defense contractors. The survey
results may shed some welcome light on the
desirability and feasibility of NSA's plans to
meet aggregated users' needs with one set of
standards, guidelines, and technologies, and
can provide a context for the section below on
differences between military and commercial
models of information security.

Also, the consulting firm of Ernst &
Whinney included some of the same questions in a
separate survey that was self-administered by
attendees of the Computer Security Institute's
13th Annual Conference held in November
1986 in Atlanta, Georgia. A total of 562
completed questionnaires (a 12 percent response
rate) were returned on site or by mail; 141
responses (25 percent) were from Government
employees and the remainder came from a
broad spectrum of business and industry. Of
the respondents, another 18 percent were from
manufacturing, 15 percent from financial
services, 9 percent from insurance, and 8 percent
from communications firms. Only 3 percent of
the respondents identified themselves as from
the defense industry. With Ernst & Whinney's
permission, some of their survey data are used
in this chapter, in addition to the OTA survey
data.

Private Sector Motivations 

Private industry and civilian agencies want 
information safeguards to: 

• protect corporate proprietary or sensitive
information from unauthorized disclosure
or access and ensure the integrity of data
and its processing;

• reduce losses from fraud and errors in
electronic funds transfers and other financial
transactions, limit associated increases in
insurance premiums, and limit exposure
to legal liabilities for preventable losses;
and

• take advantage of new opportunities to
reduce costs.

Box E provides several indicators of increased 
private sector interest in electronic safeguards. 

Protection of valuable corporate electronic
information from disclosure (confidentiality)
is important to many firms, but this need is
not necessarily a firm's major concern for
information security. The OTA survey found
that the 26 respondents placed roughly equal
importance on integrity, confidentiality, and
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Box E—Indicators of Private Sector Interest in Safeguards 

Even though many industry spokesmen consider the market for many advanced saf^uards 
fragile and emerging, OTA has noted a number of indications of growing private sector interest 
in improved safeguards, including: 

• Rapid growth in the number of computer-communications security conferences during recent 
years and/n tha'r attendance levels.—Attendance at the National Computer Security Confer¬ 
ence, sponsored jointly by the National Security Agency (NSA) and the National Bureau of 
Standards (NBS), increased three-fold in the last 7 years, from about 350 in 1980 to more 
than 1,000 in 1986. Capacity constraints at NBS conference locations have forced sponsors 
to limit attendance. Some other conferences, such as the Institute of Electrical and Electronics 
Engineers (IEEE) Symposium on Security and Privacy are also limited by space constraints. 
Attendance at the Computer Securit y Institute's annual Computer Security Conference/Exhi¬ 
bition doubled-from 600 to 1,200-between 1981 and 1985, and the American Society for 
Industrial Security Seminar and Exhibition has expanded to include computer security, bio¬ 
metrics, and access control. In addition, many new conferences and workshops given by secu¬ 
rity consultants and user groups have sprung up over the past 3 years. Among the latter 
are conferences and workshops for users of the Top Secret and RACE access control software 
packages. Other annual conferences include CRYPTO in the United States and EUROCRYPT, 
both sponsored by the International Association of Cryptologic Research. 

• Increases in thela/el of sales of safeguard equipment and software. -According to market 
reports, installations of two of the most popular commercial access control software pack¬ 
ages, ACF2 and Top Secret, have grown by more than a factor of 10 over the past 6 or so 
years. 

• The rise in the number of computer and communications security consultants and in the
number of organizations for security professionals.—The number of security consultants listed
in directories has increased, and new professional groups are forming, such as the
Information Systems Security Association (ISSA). Consulting firms are expanding their information
security practices and new services organizations are being established, such as the
International Information Integrity Institute (SRI International).

• The increasing number of technical articles being published on topics related to computer
and communications security.—OTA staff did a word search using the abstracts of articles
published in the ABI/INFORM journal set, a collection of more than 650 U.S. and foreign
business publications including such areas as accounting, banking, data processing, economics,
finance, insurance, and telecommunications. The 200-word abstracts for the years 1971, 1976,
1981, and 1985 were searched for 5 selected phrases (computer security, communications
security, encryption, data integrity, and personal identification) in order to determine whether
the relative frequencies of these had increased. OTA found that the number of abstracts
including these phrases had grown in real as well as nominal terms. In particular, the phrase
"computer security" occurred in only one out of 1,737 abstracts in 1971, but occurred in 268
out of 38,375 in 1985, a 10-fold increase in relative frequency (none of the other 4 phrases
occurred in any of the 1,737 abstracts in 1971). The phrases "data integrity" and
"encryption" occurred in only two and eight out of 14,356 abstracts, respectively, in 1976. By 1985,
they occurred in 45 and 85 out of 38,375 abstracts, respectively, a three-fold and ten-fold
increase in relative frequency. The phrases "personal identification" and "communications
security" occurred infrequently and did not show significant increases in relative frequency.
reliability/continuity of service as components
of their organization's information security,
with integrity being rated slightly more important
overall. The larger Ernst & Whinney
survey found similar results, with both Government
and nongovernment respondents rating
integrity slightly higher than confidentiality
and reliability/continuity. Interestingly,
Government respondents rated confidentiality
slightly higher than continuity of service,
while the opposite was the case for nongovernment
respondents.

Encryption or access control technologies
can protect valuable proprietary information
from disclosure, but they can also preserve its
integrity and protect it from accidental or malicious
modifications or deletions. This can be
particularly important where large databases
are a major revenue-producing asset. The regional
Bell operating companies, for example,
safeguard their on-line database for their Yellow
Pages to preserve the integrity of the data
and to prevent unauthorized use, not to prevent
disclosure. In that sense, a recent news
story reported that a disgruntled employee had
attempted to rewrite parts of the 1988 edition
of the Encyclopedia Britannica. The sabotage
attempt failed, according to a company spokesman,
because of safeguards that prevented unauthorized
changes to the computer database.

Most of the OTA survey respondents and
almost 90 percent of the Ernst & Whinney survey
respondents judged information security
as being of 'fair' or 'extreme' importance to
their organizations. Of the Ernst & Whinney
respondents, Government respondents assigned
slightly more importance overall to information
security than did the nongovernment
respondents.

All the OTA survey respondents noted an
increase in the importance of data and information
security to their firms over the past
2 years. About one-third reported "significant
information or data security problems" during
the past 2 years, mostly in the form of unauthorized
access and loss of integrity (in one
case, engineering data was destroyed). In only
one instance was loss of confidentiality cited,
resulting in invalid competitive bids—which
may be an indication of the difficulty of detecting
some misuses, rather than their absence.
Only 2 percent of the information handled
by these firms is classified for reasons of
national security, according to respondents to
the OTA survey.

“Britannica Sabotage Thwarted,” Washington Post, Sept.
6, 1986, p. D3.

The majority of Ernst & Whinney survey
respondents considered that the security risks
faced by their organizations have increased
over the past 5 years, and about one-third of
the business and one-fourth of the government
respondents considered that these risks were
not adequately met. Half of the respondents
reported financial losses as a result of security
problems or downtime, mostly under
$50,000, although a few losses were reported
to be in excess of $1 million (note that this question
included losses due to downtime, which
the OTA survey did not include). About one-third
of the respondents reported non-financial
losses, mostly in the form of unauthorized access
by employees and hackers. For Government
respondents, about 31 percent of the information
mix handled by their organizations
was classified for purposes of national security,
versus only 4 percent for nongovernment
respondents.

Reducing EFT Fraud and Other Losses.—U.S.
banks transferred some $167 trillion in 60 million
separate transactions in 1984. The actual
amount of wire transfer fraud experienced by
banks is unknown. One estimate by the Bureau
of Justice Statistics suggests aggregated
electronic fund transfers (EFT) and automated
teller machine (ATM) losses of $70 million to
$100 million a year during the early 1980s, but
a large fraction of this figure is due to ATM
losses from fraud (by "con men," etc.) against
the owners of the bank cards. Another Bureau
of Justice Statistics report examined some 139
problem wire transfers. It found an average
potential loss per transaction of $800,000, although
some potential losses were significantly
larger.

Similarly, an American Bar Association
(ABA) survey of private and public sector organizations
found that one-quarter (72) of those
responding reported "known and verifiable
losses due to computer crime in the last 12
months." Losses reported by respondents
overall ranged from a few thousand dollars to
more than $100 million. Most losses reported
by the (anonymous) respondents were less than
$100,000.

A large survey by the American Institute
of Certified Public Accountants revealed that
2 percent (105) and 3 percent (40), respectively,
of the banks and insurance companies surveyed
had experienced at least 1 case of fraud
related to electronic data processing (EDP).
Most perpetrators were employees. More than
80 percent of the frauds involved amounts under
$100,000.

The Department of Justice Bureau of Justice
Statistics (BJS) recently examined the
scope of EFT fraud, based on extrapolations
from a limited sample of 16 banks. The BJS
study suggested annual losses nationwide in
the $70-$100 million range for automatic teller
machine fraud. Twelve of the banks reported
139 wire transfer fraud incidents within the
preceding five years, with an average exposure
to loss (before recovery efforts) of some
$880,000 per loss and an average net loss (after
recovery efforts) of about $19,000 per incident.

See U.S. Congress, Office of Technology Assessment, “Ch.
5, Computer Crime,” Federal Government Information Technology:
Management, Security, and Oversight, OTA-CIT-297
(Washington, DC: U.S. Government Printing Office, February
1986), for an overview of the scope of computer-related crime
and losses from electronic fund transfers and automated data
processing.

Report on Computer Crime, Task Force on Computer
Crime, Section on Criminal Justice, ABA, 1984.

American Institute of Certified Public Accountants, EDP
Fraud Review Task Force, Report on the Study of EDP-Related
Fraud in the Banking and Insurance Industries, 1984.

Whatever the actual amount of the losses,
there is another indirect indicator that this is
a serious problem: insurance premiums are rising
for protection against fraud and other
types of losses related to electronic transfers
of funds. During the past year, financial institutions'
motivations to safeguard value-bearing
transactions (EFTs, letters of credit,
and securities transfers) have been strengthened
by actions of their insurers, some of which
are raising premiums and/or requiring the use
of message authentication methods approved
by the American National Standards Institute
(ANSI). As industry applies safeguards more
widely and as the use of certified safeguards
becomes more commonplace, expectations for
responsible corporate behavior will be raised.
A new standard, and perhaps a legal criterion,
appears to be evolving for gauging responsible
corporate behavior, or "due care," in businesses
where firms are expected to provide reasonable
safeguards for information whose loss
could do significant harm.

The wholesale banking industry is leading
this trend, prompted by liability and "due
care" considerations, by the recommendations
of internal and external auditors, and by Treasury
Department policies. Treasury has issued
policy directives requiring all Federal electronic
fund transactions to be authenticated
by June 1988. Dated August 16, 1984, TD-81.80
specified that Federal EFT transactions be
authenticated using measures based on DES
and conforming to ANSI standards. This action
is expected to have widespread effects
throughout the banking industry because of
the large number of systems and communications
links that will use the system, and because
some standards set by Treasury and the
Federal Reserve System (which serves as the
interface between Treasury and the wholesale
banks) become de facto industry standards. As
certified hardware for authentication becomes
more widely used, economies of scale will lower
prices for authentication hardware. As prices
fall, additional end users are likely to adopt
techniques and hardware to safeguard other
business functions, creating a ripple effect
throughout the private sector.

Bureau of Justice Statistics Report NCJ-100461, Electronic
Fund Transfer Systems Fraud, April 1986.

The experience of a west coast bank illustrates the magnitude
of the changes in coverage being offered by insurers for
EFT loss claims. Until recently, the bank’s insurance coverage
cost about $1 million annually, and provided protection of up
to $50 million per electronic transfer claim, with a $1 million
deductible. The policy premium in mid-1986 rose to $5 million,
with a $10 million deductible, and an upper limit of $100 million
for total annual claims. [Source: OTA staff discussion with
bank officials, May 1986.]

Thus, an early and important exception to
the non-recertification of DES was made by
NSA in the area of electronic fund transfers.
Through a memorandum of understanding, the
Treasury Department will certify commercial
data security devices for securing fund transfers,
with technical guidance and support from
NSA and NBS. DES will remain the encryption
algorithm for EFT transactions while
authentication measures will be specified by
ANSI standards adopted by the wholesale
banking community. More recently, NSA
agreed to support use of the DES for bank message
authentication until an acceptable replacement
became available. Widespread use
of DES to authenticate electronic fund transfers
will increase demand for DES-based hardware.
That could lower its price and encourage
its adoption for other applications in wholesale
and retail banking and elsewhere. As an
example of a retail banking application, the
DES is used to encrypt customers' personal
identification numbers in interbank automatic
teller machine networks in the United States
and Canada.


Memorandum of Understanding #S52-99-84-018, Parts IV
and V. This memorandum may be renewed in 1987, according
to NBS staff.

Eddie Zeitler, Security Pacific National Bank and Nancy 
Floyd, Citicorp/Quadstar. Personal communications with OTA 
staff, Feb. 18, 1987. 


A superseding Treasury Directive, TD-16.02
(dated October 2, 1986), extended the authentication
requirement to securities transfers and
stated that equipment designed and used to
authenticate Federal EFTs must comply with
Federal Standard 1027, which specifies security
requirements to be satisfied in implementing
DES (FIPS Pub. 46). Keying material used
in DES authentication must be generated and
processed in accordance with ANSI Standard
X9.9. The broader requirement is expected to
speed the dissemination of authentication techniques
throughout the private sector.

A number of private financial institutions
are taking aggressive steps to prevent certain
types of misuse. Citibank, for instance, now
has more than 4,000 encrypted links overseas.
Similarly, the private Clearing House Interbank
Payments System (CHIPS), whose $240
billion in daily settlements is second in size only
to the Federal Reserve System, uses ANSI-approved
standards to authenticate its transactions.
Large U.S. banks have also been
among the most active participants in the development
of technical standards through
ANSI (see below).

Reducing Costs.—Companies can also reduce
the costs of routine business transactions by
conducting them via computer-to-computer
communications that make use of cryptographic-based
authentication techniques. These
inter-organization transactions use standardized
formats for the electronic interchange of
business data between independently organized,
owned, and/or operated computer and
communication systems. This is accomplished
by each corporate participant assembling its
transaction data in predefined sequences, called
"transaction sets."


Authentication in CHIPS, New York Clearing House, Jan.
17, 1985. 

In 1986, CHIPS transactions amounted to $125 trillion, com¬ 
pared with $124.4 trillion in domestic transactions handled by 
the FEDWIRE system. The FEDWIRE system handles a
greater volume of transactions than CHIPS, and has many more 
on-line correspondents (7000 depository institutions compared 
to the 121 CHIPS member banks). [Source: Florence Young, 
Division of Federal Bank Operations, Federal Reserve System. 
Personal communication with OTA staff, Feb. 13, 1987.] 
Several industry-specific interchange standards
have previously been developed, including
transaction sets for air, motor, ocean, and
rail transportation, as well as for public warehousing,
and for the grocery industry. Development
of an American National Standard for
electronic data interchange is under way, intended
to replace the many paper and special-purpose
business methods by 1988. One of the
long-term goals of this standard is the realization
of paperless trade transactions and transportation
arrangements. Standards for this
purpose are being developed by the ANSI X12
Committee, which was chartered in 1978. The
first set of X12 standards for electronic business
data interchange was approved by ANSI
in 1983, and more were published in 1986.

The national standards are intended to be
broad enough to encompass all forms of business
transactions amenable to standardization,
including inter-industry transactions. The electronic
transactions, referred to as Electronic
Data Interchange (EDI) or Electronic Business
Data Interchange (EBDI), are intended to reduce
business costs by speeding up the purchase
order cycle, reducing the inventory
buffers firms must carry, and streamlining
cash flow. Dozens of common transactions will
be integrated using these standards, including
purchase orders, invoices, shipping notices,
check payment vouchers, requests for quotations,
and marketing information. These
transactions amount to billions of dollars annually.
An estimated $38 million worth of them
were handled electronically in 1985; by 1990,
electronic business transactions are expected
to amount to more than $1 billion.

These standards, or some compatible form
of them, may also be adopted worldwide,
thereby facilitating international transactions
in different currencies. For this reason, any
message authentication product, such as that
required for business data interchange, will
have to be eligible for use in other countries.
The current ANSI authentication standard,
based on the DES, is exportable, but its
replacement may not be.

See: Jack Shaw, “Electronic Business Data Interchange:
A New Strategy for Transacting Business,” MSA Update, Management
Science America, Inc., March/April 1985; “Detroit Tries
to Level a Mountain of Paperwork,” Business Week, Aug. 26,
1985, pp. 94-96.

Management Information Systems Week, Jan. 20, 1986.
Estimates provided by Jack Shaw at the ANSI ASC X12 meeting
on June 9, 1986 are over $3 billion by 1990.

The original focus area for electronic data
interchange was in transportation, beginning
in 1968. The Transportation Data Coordinating
Committee (TDCC) worked with representatives
of the rail, motor, ocean, and air
transport industries to develop EDI transaction
sets for these modes. The first successful
data interchange transmission occurred
with railway bills, in 1975. Around the same
time, TDCC organized a group of computer and
communications experts to develop specific
business applications of this type of electronic
transaction. Among the outcomes of this group
activity were the development of purchase order
and invoice transaction sets and movement
toward generic transaction sets for industry.
In the early 1970s, large corporations, such as
Sears, JC Penney, and K-Mart had started
transmitting purchase orders electronically,
with specialized formats. This was feasible in
part because these retailers were often their
suppliers' sole or largest customer. However,
benefits due to improved transaction accuracy
and timeliness accrued to both parties, increasing
interest in electronic transactions.

Movement toward further development of
generic transaction sets was formalized in
1978, when the ANSI X12 Committee was
formed. TDCC and the Credit Research Foundation
provided technical support to the new
committee, and TDCC is the current X12 Secretariat.
In 1979, the grocery industry began
its industry-specific Uniform Communication
Standard (UCS), which is compatible with the
EDI architecture developed by TDCC for the
transportation standards. Subsequently,
standards for public warehousing applications
(Warehouse Information Network Standards,
or WINS) were developed, also compatible with
the EDI architecture. These standards include
various security features.

Information on the evolution of electronic data interchange
standards was provided by Paul Lemme, Transportation Data
Coordinating Committee, ANSI X12 Secretariat. Personal communication
with OTA staff, December 1987.

The ANSI X12 Committee is developing
generic standards for electronic business data
interchange. In November 1986, industry representatives
agreed on a common data dictionary
for the ANSI X12 standards, the WINS
and UCS standards, and the TDCC EDI standard.
The ANSI X12 Security Structures
Taskgroup is developing transaction security
standards under the auspices of the X12 Finance
Project Team, and the X12 Committee
has joined with the ANSI X9 Committee to
deal with encryption and encryption-related
business requirements. According to the X12
Secretariat, the latter include: electronic signatures
("telex signature"); data integrity,
"hash controls" (digests); message authentication
and sender verification; confidentiality
of business data; error detection; end-to-end
security; and protection against replay, spoofing,
modification, or impersonation.

Benefits from electronic transactions are expected
to be substantial for diverse user
groups, and some are already being realized.
In 1980, a report prepared for the American
Grocery Industry projected $300 million in
profits for the industry as a result of implementing
standardized electronic transactions.
The grocers' UCS standards were completed
in 1981, and the resulting industry gains have
reportedly exceeded the projections. The
Automotive Industry Action Group, composed
of the major U.S. automobile manufacturers
and about 300 of their largest suppliers,
began their movement toward standardization
of electronic business transactions in 1981.
According to some estimates, General Motors
and Ford expect to realize a $200-per-car savings,
or some $1 billion a year, on a typical production
volume of 5 million cars per year,
through use of electronic business data interchange.
Caterpillar Tractor Co. has instituted
an electronic transaction system linking
some 400 sites.

Elisabeth Horwitt, “Move to EDI Gathers Steam as
Standards Clear, Benefits Grow,” Computer World, Dec. 15,
1986, p. 5.

Paul Lemme, TDCC. Personal communication with OTA
staff, December 1986.

Because of the automobile industry's large
number of suppliers, contractors, and distributors,
their use of the new data interchange
standards is expected to accelerate the spread
of these standards to other industries. These
include metals, plastics, and rubber, as well
as chemicals, transportation, electronics, aerospace,
banking, and retail sales. The movement
toward electronic business transactions
is giving rise to new, network-based "electronic
clearinghouses" with market entrants such as
IBM, GTE Telenet, GEISCO, Tymshare, and
GM's Electronic Data Systems.

Potential savings to the Federal Government
from electronic purchasing alone have
been estimated to be $20 billion/year or more.
The DoD, for instance, has begun to use electronic
data interchange to reduce the time required
to get supplies to overseas commissaries,
and expects to shorten immediately the
75-day purchase cycle by 5 or 6 days, thereby
reducing inventory requirements. Other commissary
and procurement paperwork-reduction
projects have been under way within DoD for
a few years.


Ford’s estimate is from “GEISCO Plans To Move Rockville
Jobs in Bid to Get Edge in Global Markets,” Washington
Post, Sept. 29, 1986, Business Section, p. 4. The cost savings
for GM is from a presentation by Jack Shaw at the ANSI X12
ASC meeting, June 9, 1986. This estimate does not include other
potential savings from EDI facilitating just-in-time manufacturing
with reduced supply inventories. Shaw also reported that
implementation of EDI enabled one large Eastern railroad to
halve its purchasing data processing staff and is expected to
cut another railroad’s purchase order lead time from 10 days to 3.

Irwin Greenstein, “Caterpillar Erects Paperless Network,”
MIS Week, Jan. 20, 1986.

Business Week, op. cit., Aug. 26, 1985.

“GEISCO Plans . . . ,” Washington Post, op. cit., Sept. 29,
1986.

Jack Shaw, ANSI X12 meeting on June 9, 1986.

Brad Bass, “Moving Data Electronically Expedites Supply
Delivery,” Government Computer News, Jan. 30, 1987, p. 22.
Linkages in and Contrasts Between
Defense-Intelligence and Other Needs

Some Linkages Between Private Sector Activities
and Federal Policy.—Private industry and
civilian Government agencies' interest in safeguarding
their computer and communications
information are becoming intertwined with
Government policies even though these interests
are increasingly independent of national
security. The linkages between private users
and the Government, and between the civil
agencies and NSA, tend to blur this independence.
These linkages are especially influential
where NSA's technical expertise or Government
certification is important, or where Government
agencies, as major purchasers, tend
to drive commercial equipment designs.

Although NSA's technical knowledge in high
quality cryptography and cryptanalysis is acknowledged
to be the cornerstone of U.S. capabilities,
very little of it is unclassified. Because
of this, private users depend on NSA's
willingness to provide information and advice,
which currently takes place, in part, in the form
of NSA-certified commercial products.

Understandably, private sector users place
a high value on certified, validated, and standardized
safeguard products. This dependence
has required considerable involvement by NBS
and NSA in the absence of private sector institutions
fully competent to independently develop
standards and certification processes.
However, NSA's plans to replace DES in 1988
with hardware modules that use secret algorithms
will tend to deepen and perpetuate
private sector users' dependency on NSA expertise
as long as these users have no independent
alternative for developing a certified, nonsecret,
and exportable successor to DES.

Government agencies represent a large market
for some information security products;
therefore their choice of standards has a significant
influence on manufacturers. According
to estimates from a study conducted by
the Electronic Industries Association (EIA)
in cooperation with NSA, Federal and private
sector budgets for information security totaled
some $3 billion, split evenly between communications
security and computer security.

Other important linkages between Government
policies and the private sector, and between
defense and civilian agencies, are in the
areas of security awareness, education, and
assistance. During the past few years, there
has been mounting confusion concerning the
distinction between the roles of NBS and NSA
in these areas. In addition to its Federal standards
development, NBS, under its authority
in the Brooks Act, as amended, participates
in the voluntary activities of standards organizations
and works with the private sector and
civilian agencies to develop computer and computer
network safeguards techniques, including
security components for the open system
interconnection (OSI) architecture. However,
NSA, under the auspices of NSDD-145, has
expanded its relationships with civil agencies,
providing threat assessments and awareness
briefings and advice in selecting cost-effective
and appropriate safeguards. NSA reports that
it has provided assistance to 36 different civil
agencies and departments, plus the U.S. Senate,
for diverse application areas including
trade and finance, drug interdiction, law enforcement,
health, agriculture, immigration,
and aviation and national security, as well
as to Government contractors and other
firms.


Of the $1.5 billion budgeted for communications security
in 1986, 66 percent was budgeted by DoD, about 7 percent by
other Federal agencies, and 27 percent by the private sector
(including defense firms). Of the $1.5 billion for computer security,
however, DoD and other Federal agencies only accounted
for 13 and 11 percent, respectively, while the private sector accounted
for about 75 percent. Electronic Industries Association:
“COMSEC and COMPUSEC Market Study,” Jan. 14,
1987.

Agencies and departments that have been assisted by NSA
include the United States Trade Representative, International
Trade Administration, Securities and Exchange Commission,
Federal Reserve Board, Department of Labor, National Narcotics
Border Interdiction System, Immigration and Naturalization
Service, Drug Enforcement Administration, Center for
Disease Control, National Institutes of Health, Department of
Agriculture, and Federal Aviation Administration. Harold E.
Daniels, Jr., NSA S-0040-87, Feb. 20, 1987. Attachment 2 to
Enclosure D.

Ibid., Attachment 1 to Enclosure D.
Vendors of safeguard technologies and
private-sector defense contractors are also
closely linked to Federal information security
policies and programs, such as NSDD-145. Because
the new, NSA-certified encryption modules
are expected to have a large, stable market
among Federal agencies, vendors are
unlikely to attempt development of riskier, uncertified,
encryption-based safeguards. Private
sector users, therefore, may be faced with
limited new options if the supply of encryption-based
safeguards is determined by "technology
push" (from NSA) rather than "demand
pull" (from unconstrained market forces).

Emerging Differences.—What is open to
question is the extent to which the concerns,
priorities, and needs of the defense- and national
security-oriented user communities are
generalizable to civilian agencies and the bulk
of the private sector.

One interesting set of findings from the OTA 
and Ernst & Whinney surveys,"'mentioned 
earlier, is based on the respondents' percep¬ 
tions of who their organizations' adversaries 
are and illustrates an Important difference be¬ 
tween perceived Government and private sec¬ 
tor information security needs: who the most 
significant adversaries are, and what level of 
resources they possess. Table 7 summarizes 
responses to a question in each survey that 
asked respondents to rank categories of adver¬ 
saries according to how relatively important 
it is to protect their organizations' significant 
(unclassified) "company confidential" or pro¬ 
prietary information from them. For example, 
the group of 26 nongovernment individuals 


'‘The OTA computer security survey was conducted in Oc¬ 
tober 1986, at a meeting of Palmer Associates. The 26 respond¬ 
ents to the questionnaire were data processing audit vice- 
presidents and data processing audit directors of Fortune 500 
companies. Ernst & Whinney, ‘*OTA Computer Security Sur¬ 
vey, ” OTA contractor report, Nov. 7, 1986. 

Ernst & Whinney conducted a separate survey in November 
1986 at the 13th annual conference of the Computer Security 
Institute. About 500 attendees responded to this self-admin- 
istered survey, most of whom had responsibility for computer 
security functions. The data were made available to OTA in 
February 1987. 


Table 7.—Overall Ranking of Importance as an Adversary (Highest = 7)

OTA survey responsesᵃ

                                  Mean ranking    Fraction of responses
Category of adversary             of category     ranking category #1 or #2
Your competition                  6.7             92%
Some of your internal employees   4.8             31
Foreign governments               3.1              4
Your suppliers                    4.1             15
Your customers                    4.9             27
Public interest groups            4.0             19

ᵃ All respondents were non-government.

Ernst & Whinney survey, non-government responsesᵇ

                                  Mean ranking    Fraction of responses
Category of adversary             of category     ranking category #1 or #2
Your competition                  6.5             89%
Some of your internal employees   4.9             43
Foreign governments               3.9             30
Your suppliers                    4.1             11
Your customers                    4.7             35
Public interest groups            3.9             15

ᵇ Between 200-300 out of a total of 421 non-government respondents
ranked each category of adversary; the rest did not rank that category.

Ernst & Whinney survey, Government responsesᶜ

                                  Mean ranking    Fraction of responses
Category of adversary             of category     ranking category #1 or #2
Your competition                  4.1             35%
Some of your internal employees   5.3             53
Foreign governments               6.1             74
Your suppliers                    4.3             24
Your customers                    4.5             34
Public interest groups            5.0             48

ᶜ Between 26-49 out of a total of 141 government respondents ranked
each category of adversary; the remainder did not rank that category.

surveyed for OTA, predominantly nondefense Fortune 100 executives,
rated foreign governments as their least important adversary.

Similarly, the larger sample of non-Government respondents surveyed by
Ernst & Whinney ranked foreign government adversaries lowest overall.
Instead, both non-Government groups considered their competition as the
most important single adversary, followed by customers and some
internal employees, and then by suppliers, public interest groups, and
foreign governments. The Government respondents surveyed by Ernst &
Whinney considered foreign governments (perhaps analogous to "your
competition" for businesses) to be the most important adversary,
followed by some internal employees, public interest groups, and the
other categories. An important difference between business competitors
and foreign government adversaries is, obviously, the level of
resources that each type could deploy to gain access to information.

⁷⁵ One of the OTA survey respondents noted that his firm was most
concerned with protecting information from foreign governments; another
was concerned with protecting confidential customer information from
the U.S. Government.

The Electronic Industries Association market study mentioned earlier
also found "widely different perceptions of the threat to information
systems and this results in different and often conflicting and
competing security requirements . . ." The study notes a national
security perspective that focuses on external threats while others'
perceptions are of internal sources as the principal threat.⁷⁶ It also
notes that businesses and civilian agencies attached considerable
importance to the cost of safeguards and their effect on operations.

Other differences (and similarities) between current Government and
private sector information security priorities are suggested by a
survey question asking respondents to list their organizations'
"top-priority" computer-security and information-security concerns.
These responses are summarized in table 8. Although the same types of
concerns are mentioned by Government and private sector respondents,
their relative priorities are different.

An important effect of these perceptions and priorities is on the
users' decisions concerning the use and choice of safeguards.

Another interesting finding from both the OTA and Ernst & Whinney
surveys was the relatively low level of perceived impact (as of Fall
1986) from NSDD-145 on non-Government organizations' safeguarding of
unclassified information. Table 9 summarizes responses to a survey
question about the impacts of NSDD-145. Almost three-quarters of the
respondents (all non-Government) to the OTA survey and almost half of
the non-Government Ernst & Whinney survey respondents felt that
NSDD-145 had had no impact on their organizations' safeguarding of
unclassified information. Moreover, fewer than 10 percent of the
respondents to the OTA survey and fewer than 30 percent of the
non-Government respondents to the Ernst & Whinney survey considered
that the directive had impacted their firms' security practices for
unclassified information "somewhat" or "greatly."⁷⁷ By contrast, the
Government respondents in the Ernst & Whinney survey reported much
higher levels of impact overall, with only one-quarter reporting no
impact from NSDD-145 on unclassified information security and almost 60
percent reporting that the directive had impacted their organizations'
unclassified information security at least somewhat.

⁷⁶ Electronic Industries Association, "COMSEC AND COMPUSEC Market
Study," Jan. 14, 1987. This study was based on 75 interviews, 64 of
which were with Federal agencies, including 39 having defense and
intelligence missions.

More than two-thirds of both the OTA survey respondents and the
non-Government respondents to the Ernst & Whinney survey felt that
their firms' information and data security measures were at least
fairly adequate to meet their needs. What is somewhat surprising is the
relatively low percentages of these firms' total information and
computer security expertise attributed to Government-sponsored
assistance programs, conferences, and training programs. Only 2 of the
26 OTA survey respondents indicated that even a small percentage of
their firms' information and data security expertise came directly from
Government assistance programs. This low percentage is likely due to
the composition of the Palmer Associates group surveyed and is in
marked contrast to what one might expect

⁷⁷ Two firms in the OTA survey indicated that they had implemented
encryption or scrambling to protect sensitive communications in
response to NSDD-145, and one of these firms also implemented access
control software, passwords, and acquired special communications
channels.

Table 8.—Top-Priority Computer and Information Security Concerns Mentioned by Respondents

OTA survey group (non-government)   Ernst & Whinney non-government group            Ernst & Whinney Government group
Data security/data integrity        Network security                                Contingency planning/disaster recovery
Network security                    Data/information classification and security    Data/information classification and security
Contingency planning; training      Micro/PC security                               Network security
Quality security throughout firm;   Dial-up security/communications                 Micro/PC security
  telecommunications links;
  internal hacking

SOURCE: Data from surveys conducted by Ernst & Whinney in October and November 1986.


Table 9.-Perceived Impacts From NSDD-145 (Fall 1986)

Question: "On September 17, 1984, President Reagan signed National
Security Decision Directive 145 (NSDD-145), the National Policy on
Telecommunications and Automated Information Systems Security. This
policy has led to much more active involvement by the National Security
Agency and the National Computer Security Center in providing advice to
business and industry. How has NSDD-145 impacted your organization in
safeguarding information that is not classified for purposes of
national security?"

Survey responses

                 OTA survey             Ernst & Whinney    Ernst & Whinney    Ernst & Whinney
                 total responses        total responses    non-government     government
                 to question            to question        responses          responses
                 (all non-government)
Response         (23)                   (486)              (364)              (122)
Not at all       74%                    41%                46%                25%
Very little      17                     25                 27                 18
Somewhat         9                      24                 21                 33
Greatly          0                      11                 6                  24

SOURCE: Data from surveys conducted by Ernst & Whinney in October and November 1986.


from an alternative group composed of defense contractors, computer
firms, or firms producing security products for the Government market.
In fact, only two of the respondents to the OTA survey indicated
awareness of any specific Government-sponsored information and
assistance programs. Of the 22 individuals responding to a question
concerning their perceptions of the helpfulness of Government
guidelines, 17 answered "not at all," while 5 said these had been
"somewhat" helpful to their organizations. The respondents who did find
Government guidelines helpful cited the NBS Federal Information
Processing Standards (FIPS), including DES, as well as guidelines for
protecting privacy-related and classified information.

Differences Between Military and Civilian Computer Security Models.-The
debate about how well the NSA's Orange Book computer security standards
and evaluated products program will serve the needs of civilian
agencies and private businesses is receiving increased attention within
the computer security community. One of the most crucial aspects of the
debate concerns the security policy underlying the Orange Book
criteria, the mechanisms needed to enforce security policy, and how
well these match the security policies (and associated mechanisms) that
are common in commercial practice. According to computer security
experts at NSA, for example, the National Computer Security Center
(NCSC) has worked—and continues to work—"hand in glove" with the
civilian agencies to understand their needs and provide appropriate
computer security solutions⁷⁸ and, moreover, products that have been
evaluated by NSA and that have received B- and C-level ratings are
being used in the private sector (some of these, such as RACF, ACF2,
and Top Secret, were developed well before the Orange Book was
published but have been modified to meet Orange Book standards). Other
experts disagree with this position, and argue that the security policy
and mechanisms specified in the Orange Book do not meet important needs
in commercial data processing.

⁷⁸ Harold E. Daniels, Jr., NSA S-0033-87, Feb. 12, 1987, p. 7 of
Enclosure 2.

Among the latter group are David D. Clark (MIT Laboratory for Computer
Science) and David R. Wilson (Ernst & Whinney). In their paper, "A
Comparison of Commercial and Military Computer Security Policies,"⁷⁹
they present a security model based on commercial data processing
practices and compare the mechanisms needed to enforce this model's
rules with those needed to enforce the (lattice) model of security
embodied in the NSA criteria. Other experts have also offered
criticisms of the Orange Book's applicability to business needs.
However, a brief summary of the Clark and Wilson paper, offered here as
an example, points out some of the main points of criticism.

According to Clark and Wilson, the "military" (NSA/DoD) security policy
is really a set of policies designed to control classified information
from unauthorized disclosure or declassification. Mechanisms used to
enforce this security policy include mandatory labeling of documents or
data items, assigning of user access categories based on security
clearances, generating audit information, etc. The higher-level
security policies include mandatory checks on all read and write
transactions; these mandatory controls constrain the user so that any
action taken is consistent with the security policy. In addition to
these mandatory controls, discretionary controls can be used to further
restrict data accessibility (e.g., "need to know" controls), but, say
Clark and Wilson, these cannot increase the scope of security controls
in a manner inconsistent with the underlying multi-level classification
concept.

⁷⁹ David D. Clark and David R. Wilson, "Commercial Security Policies,"
Proceedings, 1987 IEEE Symposium on Security and Privacy, Oakland, CA,
Apr. 27-29, 1987.


By contrast, Clark and Wilson assert that what underlies commercial
data processing security practices is the prevention of fraud and error
and, therefore, that a "commercial" security policy should address
integrity rather than disclosure. Some of the mechanisms to enforce
this type of policy are common with those for the military model (for
example, user authentication), while others are very different. Among
these others, Clark and Wilson identify two principal mechanisms: the
well-formed transaction (in which a user can manipulate or record data
in constrained ways that preserve or ensure the integrity of the data,
analogous to a paper-and-ink accounts book in which correction entries,
rather than erasures, are made); and separation of duty among employees
(in which the user permitted to create or certify a well-formed
transaction may not be permitted to execute it—analogous to
double-entry bookkeeping in which a check for payment must be balanced
against a matching entry in the accounts-payable column). Separation of
duty is a fundamental principle of commercial data integrity control,
and is considered effective except in the case of collusion among
employees.

In their paper, Clark and Wilson conclude that the integrity mechanisms
inherent in the commercial security model differ from the mandatory
controls in the military (nondisclosure) security model in important
ways, and controls based on the military model are not sufficient to
enforce the commercial (integrity) model. They then introduce a more
formal model for data integrity in computer systems, based on the use
of constrained data items and transformation procedures for enforcing
an integrity policy. Comparing this model with other integrity models,
Clark and Wilson argue that their model, unlike the Orange Book
standard, is applicable to a wide range of integrity policies.
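
The two mechanisms described above, sketched as an added Python example (not code from this report or from the Clark and Wilson paper): a ledger that changes only through balanced transactions and correction entries, and that refuses to let a transaction's creator execute it. The class, user, and account names are hypothetical, and the sample transactions are constructed.

```python
from dataclasses import dataclass


class IntegrityError(Exception):
    """Raised when a request would violate the integrity policy."""


@dataclass(frozen=True)
class Entry:
    """One immutable journal line; amount in cents, debit > 0, credit < 0."""
    txn_id: int
    account: str
    amount: int
    memo: str


class Ledger:
    """Constrained data: it changes only through create/execute/correct
    (the transformation procedures). Nothing updates or deletes an entry."""

    def __init__(self, duties):
        self._duties = duties   # user -> {"create", "execute"} (assumed scheme)
        self._journal = []      # append-only list of Entry
        self._pending = {}      # txn_id -> (creator, lines, memo)
        self._next_id = 1
        self.audit = []         # (user, action, txn_id, outcome)

    def _deny(self, user, action, txn_id, reason):
        self.audit.append((user, action, txn_id, "denied: " + reason))
        raise IntegrityError(f"{action} by {user} denied: {reason}")

    def _check_duty(self, user, action, txn_id=None):
        if action not in self._duties.get(user, ()):
            self._deny(user, action, txn_id, "duty not assigned")

    def create(self, user, lines, memo):
        """Propose a transaction; it is well formed only if it balances."""
        self._check_duty(user, "create")
        lines = tuple(lines)
        if len(lines) < 2 or sum(amount for _, amount in lines) != 0:
            self._deny(user, "create", None, "debits and credits do not balance")
        txn_id, self._next_id = self._next_id, self._next_id + 1
        self._pending[txn_id] = (user, lines, memo)
        self.audit.append((user, "create", txn_id, "ok"))
        return txn_id

    def execute(self, user, txn_id):
        """Post a pending transaction; its creator may not be the one to do it."""
        self._check_duty(user, "execute", txn_id)
        if txn_id not in self._pending:
            self._deny(user, "execute", txn_id, "no such pending transaction")
        creator, lines, memo = self._pending[txn_id]
        if creator == user:
            self._deny(user, "execute", txn_id, "separation of duty")
        del self._pending[txn_id]
        self._journal.extend(Entry(txn_id, acct, amt, memo) for acct, amt in lines)
        self.audit.append((user, "execute", txn_id, "ok"))

    def correct(self, user, txn_id, memo):
        """Propose a correction entry that reverses a posted transaction."""
        reversal = [(e.account, -e.amount) for e in self._journal if e.txn_id == txn_id]
        if not reversal:
            self._deny(user, "create", txn_id, "nothing posted under that id")
        return self.create(user, reversal, f"reversal of #{txn_id}: {memo}")

    def balance(self, account):
        return sum(e.amount for e in self._journal if e.account == account)

    def verify(self):
        """Integrity check: every posted transaction still sums to zero."""
        totals = {}
        for e in self._journal:
            totals[e.txn_id] = totals.get(e.txn_id, 0) + e.amount
        return all(total == 0 for total in totals.values())

    def journal(self):
        return tuple(self._journal)   # read-only copy of the posted entries


def demo():
    """Constructed scenario: a clerk enters a payment, a supervisor posts it."""
    ledger = Ledger({"clerk": {"create"}, "supervisor": {"create", "execute"}})
    denied = []

    def attempt(action, *args):
        try:
            return action(*args)
        except IntegrityError as err:
            denied.append(str(err))

    pay = ledger.create("clerk", [("accounts_payable", 50000), ("cash", -50000)], "invoice 17")
    attempt(ledger.execute, "clerk", pay)                    # clerk has no execute duty
    attempt(ledger.create, "clerk", [("cash", -50000)], "one-sided entry")
    own = ledger.create("supervisor", [("expenses", 900), ("cash", -900)], "taxi")
    attempt(ledger.execute, "supervisor", own)               # creator may not execute
    ledger.execute("supervisor", pay)
    fix = ledger.correct("clerk", pay, "duplicate invoice")  # reversal, not erasure
    ledger.execute("supervisor", fix)
    return ledger, denied
```

The supervisor holds both duties yet still cannot post a transaction the supervisor created; as the text notes, the control holds only while the two parties do not collude.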

By early 1987, debate on the general applicability of the Orange Book
criteria and development of alternative models of computer and
information security had developed to the extent that plans were made
for an invitational Workshop on Integrity Policy for Computer
Information Systems, organized by Ernst & Whinney and cosponsored by
the Institute for Electrical and Electronic Engineers, the Association
for Computing Machinery, NBS, and NSA's National Computer Security
Center (NCSC), to address military versus commercial security policy
issues. The workshop is scheduled to be held in late 1987.⁸⁰

Civilian Agency Actions.-In addition to the NBS activities described
earlier, related to DES, FIPS publications, and voluntary standards
development, there are other civilian agency activities related to
safeguarding electronic information. (An earlier OTA report surveys
civilian agency programs for computer security.)⁸¹ The Treasury
Department, for example, requires the use of safeguards for information
systems that handle sensitive, as well as classified, information.⁸²
All Federal electronic fund and securities transfer systems must also
have safeguards in place by June 1988. The requirement applies to all
Federal agencies (except DoD, which has its own policy) and to
wholesale banks that do business with Treasury and use the Federal
Reserve System as the interface.⁸³ The Treasury Department Order (TO
106-09) requires that authentication measures conform to the American
National Standard Institute (ANSI) X9.9 standard "or equivalent
authentication technique."⁸⁴ According to Department of Treasury
officials, the DES "is and will remain fundamental to the Department's
security strategy for the foreseeable future."⁸⁵ Treasury has announced
that technology to secure Federal electronic fund transfers (EFTs) must
be compatible with systems used by the Federal Reserve System and the
commercial banking community. Specifically:

• Treasury will continue to support and implement ANSI financial
  standards as the common method for securing Federal EFTs and will
  only transition from the current (DES based) ANSI standards to any
  new ANSI standard (not based on DES) if the transition is based on
  "sound business decisions and security needs."

• Treasury will rely on NSA's commitment, of November 12, 1985, that
  DES will be supported indefinitely for the financial community.

• Treasury will rely on NBS to continue to validate DES chips.

• Treasury will continue to certify equipment and techniques for
  Federal use to provide authentication/encryption and automated key
  management for EFTs. Treasury will continue to develop, in
  conjunction with NBS, automated test beds/bulletin boards so that NBS
  can validate successful hardware and software implementations of ANSI
  financial standards.⁸⁶

⁸⁰ Information on workshop from David Wilson and Jenny Sobrasky (Ernst &
Whinney), private communications with OTA staff May 5-6, 1987, and from
an IEEE press release (May 1987).

⁸¹ OTA-CIT-297, op. cit.

⁸² Department of the Treasury, Directives Manual, Information Systems
Security, Ch. TD 81, Section 40, Apr. 2, 1985.

⁸³ Department of the Treasury, Directives Manual, "Electronic Funds and
Transfer Policy—Message Authentication," TD 81, Section 80, Aug. 16,
1984. Superseded by: Department of the Treasury, "Electronic Funds and
Securities Transfer Policy-Message Authentication and Endorsed
Security," TD8 16-02, Oct. 3, 1986, TD/ 16-02 is authorized by Treasury
Order 106-09, Oct. 2, 1986.

⁸⁴ Department of Treasury Order #106-09, "Electronic Funds and
Securities Transfer Policy-Message Authentication and Enhanced
Security," Oct. 2, 1986.

⁸⁵ J. Martin Ferris, Security Programs, Department of the Treasury,
Washington, DC, letter to OTA staff, Dec. 16, 1986.

The Federal Reserve System publicly expressed its commitment to
electronic data security in early 1985, when it announced specific
plans to enhance its electronic payment services in order to increase
their security. The Federal Reserve is a highly-visible participant in
the Nation's electronic payments system, both as an operator
(performing electronic fund and securities transactions, serving as an
automated clearinghouse, etc.) and as a regulator.

In its role as an operator, the Federal Reserve must protect its value
transactions; as a regulator, the Federal Reserve intends that its
security and reliability standards serve as models for depository
institutions to emulate in securing their own electronic payments
operations.

The Federal Reserve's plans include encryption of
depository-institution connections; as of late 1986, over 60 percent of
these were encrypted and the Federal Reserve plans to have almost 100
percent of them encrypted by the end of 1987. In addition, the Federal
Reserve is currently testing the use of message authentication within
the Federal Reserve environment.⁸⁷ The National Bureau of Standards is
providing technical support to the Federal Reserve.

⁸⁶ Ibid.

Technical Standards Development 

Technical standards are important for a number of reasons. Among other
things, they help to aggregate markets by improving the uniformity,
interoperability, and compatibility of vendors' products.

Federal Agency Participation.-NSA and NBS activities in the development
of standards have been noted earlier. Other agencies involved in the
development and promulgation of regulations and standards include the
Office of Management and Budget, the General Services Administration
(GSA) and DoD's National Communications System (NCS). GSA promulgates
Federal procurement regulations generally, including
telecommunications, and has delegated its responsibilities for
producing and coordinating communications standards to NCS, which has
issued DES-related standards for telecommunications security and
interoperability.

NBS has had considerable success during the past decade in developing a
variety of standards for information security, as well as by publishing
dozens of guidelines. Known as Federal Information Processing Standards
(FIPS), NBS standards apply to civilian agencies. Several have also
become the basis for standards developed or adopted by NSA and by
private standards-setting organizations such as ANSI, the ABA, and the
International Organization for Standardization (ISO).

One of the earliest of these national standards, DES (FIPS 46, released
in 1977), is discussed in appendix C. DES, which is now produced in
hardware and software both in the United States and overseas,⁸⁸ has
been adopted by ANSI in a number of its technical standards, and was
considered for use as an international standard by an ISO technical
committee in 1986, as discussed later.

⁸⁷ Dennis, Assistant Director of Federal Reserve Bank Operations,
Washington, D.C. Personal communication with OTA staff, Aug. 26, 1986
and letter, Dec. 17, 1987.

Private Sector Participation.-Active participation in the development
of technical standards for information safeguards is another indication
of the current and future needs of business users. ANSI has had active
participation from several dozen major corporations, including banks,
equipment vendors, and (more recently) other manufacturers. For
example, several large U.S. banks and the American Bankers Association
(ABA), the Canadian Bankers Association, and about 30 vendors are among
the participants in developing standards of interest to the banking
community, in addition to NBS, the Treasury Department, and NSA.
Suppliers and users of sophisticated safeguards such as biometrics and
other technologies not based on cryptography have acted more
independently of the Federal Government, sometimes in the absence of
technical standards. Defense agencies are major consumers of these
products, but the Federal Government does not enjoy the near monopoly
in technical expertise that it has in cryptography. In the area of
biometrics, the International Biometric Association was formed in 1986
to address industry issues, including establishing a testing and
standards program.

Most large corporations have developed or are developing their own
information safeguard policies. For example, the Chemical Bank of New
York, which has more than 250 branches, has developed its own policies
and a security training program for bank employees.⁸⁹ The bank's
policies, published in 1985, define security and custodianship
responsibilities in the bank's distributed operating environment and
govern the transfer of information in hard copy and electronic forms to
protect the bank's information service and data assets. The bank has
developed a software package that it uses to train branch officers to
perform risk assessments for their local offices and to implement the
corporate security standards. By late 1986, the software package had
been used in at least 30 Chemical Bank locations.⁹⁰

⁸⁸ Federal Government certification applies only to implementations of
DES in electronic devices.

⁸⁹ "Corporate Data Security Standards," Chemical Bank (Chemical New York
Corp.), 1985; also Presentation by Joan Reynolds (Chemical Bank),
panelist in "Guidelines and Standards Panel," Ninth National Computer
Security Conference, Gaithersburg, MD, Sept. 16, 1986.

The Small Business Computer Security and Education Act (Public Law
98-362) provided another mechanism for private sector participation in
developing information security standards and guidelines. Passed in
July 1984, the act set up a 10-member Small Business Computer Security
Advisory Council to advise small businesses on the vulnerabilities to
misuse of computer technologies (especially in distributed network
environments) and on the effectiveness of technological and management
techniques to reduce these vulnerabilities. It also develops guidelines
and information to assist small businesses and plans to distribute
written materials, including a small business guide to computer
security (to be published by NBS) in mid-1987.⁹¹ A report to Congress
will be issued by December 1987.

The Applied Information Technologies Research Center (AITRC) represents
yet another private sector approach to meeting information safeguard
needs. A consortium of scientific, technological, and business
organizations based in Columbus, Ohio, AITRC is part of this
State-supported program. It was supported by an initial State grant of
$1.4 million. Its industrial members include leaders in online
information services, and one AITRC project is developing techniques
for secure access to private and subscription databases. In the fall of
1986, AITRC was licensing a low-cost, credit card device for remote
user identification.⁹²

⁹⁰ Personal communication between OTA staff and Denise Ulmer, Chemical
Bank of New York, Sept. 25, 1986.

The software package, RiskPac, is also being marketed commercially
through Chemical Bank Information Products and Profile Analysis
Corporation, Ridgefield, Connecticut. Personal communication between
OTA staff and Peter S. Brown, Profile Analysis Corp., Sept. 25, 1986.

⁹¹ Information provided by Peter S. Brown, chairman, Small Business
Computer Security Advisory Council, Sept. 25, 1986.

Technical Standards Bodies.—Another indication of the variety of users'
needs and demands is provided by the activities of the technical
standards-making bodies. Users and vendors in the banking and
information processing communities, and in civilian Government
agencies, have been working with considerable success for the past
decade to develop standards to meet their needs for improved
information safeguards. These groups recognize that standards establish
common levels of cryptographic-based security and interoperability for
communications and data storage systems.⁹³

The leading information standards-making organizations in the United
States have been the Institute for Computer Sciences and Technology at
NBS, the American National Standards Institute (ANSI), and the American
Bankers Association (ABA), as noted earlier. The International
Organization for Standardization (ISO) develops voluntary standards for
international use. Through these bodies, users and vendors are setting
the stage for improving the integrity and security of computer and
communications systems world-wide.

The American National Standards Institute (ANSI) serves as a national
coordinator and clearinghouse for information on U.S. and international
standards. It is the central nongovernment institution in the United
States for developing computer, communications, and other technical
standards for industry. ANSI members represent a broad range of
industries and technical disciplines. NBS is a member of many ANSI
committees, including those dealing with message authentication and
encryption; other Federal agencies including Treasury and NSA also have
memberships. ANSI serves as the U.S. representative to the
International Organization for Standardization (ISO).

⁹² Sources: Information Hotline, July-August 1986, pp. 6-7; and personal
communication between OTA staff and Richard Bowery, AITRC, Sept. 8,
1986.

⁹³ D. Branstad and M. Smid, "Integrity and Security Standards Based on
Cryptography," North Holland Publishing Co., Computers & Security 1
(1982) CASOO043 [NC]. Also, see Organization for Economic and
Co-operative Development, Committee for Information, Computers, and
Communications Policy, "Standards and Standard-Setting in Information
Technology-Stakes, Strategies, and International Implications," Sept.
5, 1985.

These organizations are structured internally into committees,
technical committees, and working groups to accommodate the special
interests of their members and to provide a narrow focus, where needed,
for developing particular standards and guidelines. Among the
structures related to information security are:

• ANSI X3 (Information Processing Systems) Committee, which includes
  the encryption technical committee; and ANSI X9 (Financial Services)
  Committee, which includes the financial institution message
  authentication working group, the financial institution key
  management committee, and the bank card security working group
  (focusing on personal identification number, management, and
  security);

• ABA, which focuses on financial transactions safeguards, including
  encryption and message authentication; and

• ISO's Technical Committee 97 (TC-97) and its various subcommittees
  and working groups, which are responsible for developing standards
  for information processing systems; and Technical Committee 68, which
  has similar responsibilities for the financial community.

These bodies make extensive use of one another's work, often adopting
the other's standard intact or with modifications. Table 10 shows the
progress being made in the development of standards and guidelines, as
well as many of the contributions of different civilian institutions.

The interests of many developed countries in establishing an
international standard for cryptography have recently culminated more
than 5 years of deliberation in the ISO. In December 1985, an ISO
technical subcommittee recommended that DES be adopted as an
international standard.⁹⁴ Any standard adopted by the ISO would likely
be used throughout much of the developed world to safeguard
communication and computer systems. Disagreements within the U.S.
delegation (between NSA and the business community members of ANSI) led
the U.S. delegation to abstain during the ISO vote on DES. ANSI, in
mid-1986, recommended to ISO that cryptographic algorithms not be the
subject of international standardization. This change from ANSI's
previous position probably came in response to NSA suggestions.⁹⁶
Several months later, the ISO Technical Committee TC97 announced the
withdrawal of the proposed DEA-1 standard.⁹⁷

Some of the other nations involved in the ISO deliberations have
proposed their own algorithms as alternatives to DES.⁹⁸ This proposal
may give credence to what many believe, i.e., that not only can other
nations offer encryption algorithms for international use, but that
future encryption services will be decided based on international
commercial needs. The

⁹⁴ Vincent McClellan, "The Pentagon Couldn't Defeat IBM in Battle Over
DES Standard," Information Week, Feb. 24, 1986, pp. 24-27.

⁹⁵ Ibid., pp. 24-27.

⁹⁶ During a meeting with NSA officials in June 1986, OTA staff were
advised that since most private sector foreign representatives to the
ISO have close ties with their governments, the final ISO decision on
whether to adopt the DES could be decided prior to ISO voting through
private negotiations among governments. Furthermore, NSA officials have
stated that NSA is not in favor of DES (or any one algorithm) being
used as an international encryption standard. Harold E. Daniels, Jr.,
NSA S-0033-87, Feb. 12, 1987, p. 2 of Enclosure 2.

Critics of NSA are sometimes inconsistent. For example, there was
speculation that the real reason that NSA opposes DES, or any other
algorithm, as an international standard is that it would damage NSA's
signals intelligence operations or benefit criminal elements. On the
other hand, others speculate that DES is easy for a government
intelligence agency to decipher.

However, according to one NSA executive, there is no evidence that
anyone has yet found a way to break the DES. But, because DES has come
into such widespread use, it may become an attractive target for just
such attempts. OTA staff meeting with Harold E. Daniels, Jr., NSA, Aug.
13, 1986.

⁹⁷ Vincent McClellan, "The Pentagon Couldn't Defeat IBM in Battle Over
DES Standard," Information Week, Feb. 24, 1986, pp. 24-27.

⁹⁸ Ibid.

Table 10.—Selected Civilian Technical Standards for Safeguarding Information Systems

Standard/guideline                                Developer/year      Principal and other users/uses
Data Encryption Standard (DES) (FIPS PUB 46)      NBS (1977)          U.S. Government (computer and communication security); increasing use in private sector
DES Modes of Operation (FIPS PUB 81)              NBS (1980)          U.S. Government (key management, character transmission, packet transmission, voice)
Key Notarization System (U.S. patent 4,386,233)   NBS (1980)          U.S. Government (notarized identification of originator and receiver of secure message or data file); also used in banks
Guidelines for Implementing the DES (FIPS PUB 74) NBS (1981)          U.S. Government (general DES user information)
Computer Data Authentication (FIPS PUB 113)       NBS (1985)          U.S. Government (authentication code for data integrity in ADP systems and networks); some use in private sector
Password Usage Standard (FIPS-112)                NBS (1985)          U.S. Government (identifies ten security factors for a password system)
General Security Requirements for Equipment       GSA (1982)          U.S. Government (physical and electrical security of DES devices)
  Using DES (FS-1027)
Interoperability and Security Requirements of     GSA (1983)          U.S. Government
  the DES in the Physical Layer of Data
  Communications (FS-1026)
Data Encryption Algorithm (DEA)                   ANSI X3.92 (1981)   U.S. industry (voluntary standard, DEA is ANSI terminology for the DES)
Data Link Encryption Standard                     ANSI X3.105 (1983)  U.S. industry
DEA Modes of Operation                            ANSI X3.106 (1983)  U.S. industry
Financial Institution Message Authentication      ANSI X9.9 (1983)    Wholesale banks (message authentication); industry (electronic procurement message authentication)
  (wholesale)
Personal Identification Number (PIN)              ANSI X9.8 (1982)    Retail banks (DEA encryption of PINs); retailers (computer access control)
  Management and Security
Financial Institution Key Management              ANSI X9.17 (1985)   Wholesale banks and industry (cryptographic keys for encryption and message
authentication) 

Financial Institution Message Authentication 
(Retail) 

ANSI X9.19 (1986) 

Retail banks (message authentication using 
DEA) 

Financial Institution Encryption of Wholesale 
Financial Messages 

ANSI X9.23 (draft) 

Wholesale banks and industry 

Management and Use of PINs 

ABA (1979) 

Banks (general guidance) 

Protection of PINs in Interchange 

ABA (1979) 

Banks (general guidance) 

Key Management Standard Dec. 43 

ABA (1980) 

Banks (general guidance) 

Data Encryption Algorithm (DEA-1) 

ISO (1986) 

Proposed international version of DES 
(FIPS-46); withdrawn by ISO Technical 
Committee TC97. 

Modes of Operation of DEA-1 

ISO/DIS 8372 

Draft international standard has been 
approved (title may change due to 
withdrawal of proposed DEA-1 standard) 

Data Link Enciphering Standard 

ISO/DIS 9160 

Draft international standard, version of ANSI 
X9.105 

Message Authentication 

ISO/DIS 8730 

Draft international standard for message 
authentication; Part 1 specifies the DEA-1 
algorithm. Part 2 specifies the MAA 
algorithm 

Public Key Encryption Algorithm and 

Systems 

ISO/DP 9307 

Draft proposal for standards (may be 
stricken) 

Banking: Key Management (wholesale) 

ISO/DIS 8732 

Draft international standard for wholesale 
banks 


SOURCE Of f!ce of Technology Assessment, 1987 
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trend toward the standardization of encryp¬ 
tion-based safeguards, principally for Improv¬ 
ing message integrity (virtually all of which 
are currently based on DES, often in conjunc¬ 
tion with public-key cryptography) suggests 
that within a few years major segments of the 
world's businesses will have standardized in¬ 
formation safeguards where needed. 

Second, these trends indicate that the role of the U.S. Government is
shifting from that of the principal developer of safeguard standards
in the early 1970s to a more limited role of one participant among
many, although with continuing and important responsibilities.

Inherent Diversity of User Needs 

Decisions on arcane technical standards, originally based on national
security concerns, have already begun to be influenced by various,
growing nondefense interests in the United States and worldwide. If
safeguard products meeting Federal standards for certification do not
fully meet commercial needs, then users are likely to seek greater
independence from the Federal Government. Some movement in this
direction is already taking place, as evidenced by: unpublicized plans
in 1987 of the U.S. banking community to bypass NSA's secret
algorithms; growing commercial interest in proprietary public-key
algorithms, which have no Federal standard but meet users' needs for
electronic key distribution and digital signatures; and the workshop
on Integrity Policy for Computer Information Systems, planned for late
1987, which will focus on military v. commercial security models.

The foregoing description of various users' needs, and actions that
Government and private sector groups have undertaken to meet them,
serves to point out the inherent diversity and heterogeneity of users'
needs for information safeguards. Within the Federal Government
itself, for example, different requirements exist among defense and
civilian agencies, and even between classified and unclassified
applications (such as food service or routine procurement) within DoD.
The private sector is no more uniform in its needs, attitudes, and
perceptions. In order to understand the differences in each user's
requirements, priorities, and perceived risks and threats, information
such as the following must be evaluated by each user:

• What are the user's major concerns? For 
example, what is the relative priority for 
various types of information for integrity 
versus confidentiality, versus reliability 
and continuity of service? 

• What sensitive information may warrant 
better safeguards than are now provided? 

• Who are the adversaries that need to be 
protected against (employees, competitors, 
foreign governments) and the resources 
they are likely to use? 

• What are the likely consequences (financial, embarrassment, privacy)
of different types of losses? What has been the loss experience to
date?

• What are the decision criteria (costs and benefits for bolstering
safeguards, required by law, risk aversion)?

Responses to these and other questions help to define the user's needs
for safeguards and are likely to be different from one user to
another, even when they are in the same general business. A defense
contractor bound by DoD policies and regulations for safeguarding
classified information from foreign adversaries, for example, can
recover the costs of safeguards from the Government. This is a very
different situation than that of a large retailer who needs to
authenticate thousands of transactions per day, with emphasis on
service delivery, costs, data integrity, and protection against
dishonest employees and customers. And, the retailer's needs bear
little resemblance to the bank manager's requirement to show that he
has exercised due care in safeguarding the bank's assets.

Chapter 6 focuses on some of the major laws and policy directives
concerning information security. In tracing the development of public
policy, it seeks to provide insights into the question: "How did we
get where we are today?"

Chapter 6

Major Trends in Policy Development 


FINDINGS 

• Federal policy limiting the disclosure of information has expanded
over the last decade to include growing concern for protecting
unclassified, but sensitive information, such as that in commercial
and Government databases. As part of this process, the role of the
defense and intelligence communities has also expanded and "national
security," as a criterion for non-disclosure, is being interpreted
more broadly.

• Federal policies on information security are creating tensions with
broad national interests and, in contrast with earlier times, can no
longer be isolated from them.

• Most recent Federal policies on information security are based
principally on national security concerns. Now that information
security is becoming important to commerce, more broadly based
policies will be more appropriate.

• The National Security Agency (NSA), in carrying out its role under
National Security Decision Directive (NSDD-145) to develop computer
and communications security standards for use by Government and
industry, is involved in two policy conflicts. One conflict involves
responsibilities for developing security standards, with the National
Bureau of Standards (NBS) charged by the Brooks Act of 1965, as
amended, and NSA having overlapping responsibilities under NSDD-145.
The second is a continuing, inherent conflict between NSA's mission to
perform signals intelligence and its efforts to develop computer and
communications safeguards for widespread nondefense use.


INTRODUCTION 


Policy for the security of electronic information has developed in
recent years in a setting of diverse interests. These interests have
included national security and the separation of powers for
governmental policymaking, as well as civil liberties, including
personal privacy, and commercial needs for improved information
safeguards. The current tensions in information security policy
reflect all of these influences. To a large extent, these tensions
have their basis in different views within Government of overall
national interests and the central historical role of the Government,
particularly the Department of Defense (DoD), in developing technology
and setting policies for safeguarding electronic information.


This chapter provides a brief review of two 
of these influences: 

• the context of Government controls on unclassified information that
has evolved during the past few decades, and

• the progression of prior policies concerning the privacy and
security of electronic information that have led to today's policies.

Policies designed to keep electronic information secure developed
historically largely in the context of protecting national security.
One of the important ways that has been used to limit potential damage
to the nation's security is through controls on the dissemination of
information. Federal limitations, dating to before the turn of the
century, sought to prevent the disclosure and distribution of
militarily sensitive, Government-owned or -controlled information.

Traditionally, information protected for national security reasons has
been limited to military and diplomatic categories. Since the 1940s, a
number of laws have been passed and presidential directives issued
that have gradually expanded the range of information deemed vital to
U.S. national security. Controls have been placed on data relating to,
for example, atomic energy, space programs, and a variety of other
technologies. (See table 11.) Similarly, efforts have been made to
keep intelligence sources and methods secret and there have been
discussions on whether controls might be warranted for satellite
imagery gathered for the news media.

At the same time, the medium of information that is to be controlled
(i.e., oral, print, photographic, or electronic) has also expanded.
The setting for the transfer of controlled information has become
irrelevant, whether through the export of products or services, sales
presentations, university laboratories and classrooms, or scientific
or trade conferences.

Against this backdrop, computer and communications systems are among
the media for controlling the transfer of such sensitive information.
Concern for their vulnerability to penetration, particularly by
foreign intelligence entities, has resulted in pressure to increase
the security of these systems.

A second context that affects Government controls on information
concerns the respective roles of and occasional conflicts between the
executive and legislative branches in setting policy when national
security is at stake. The history of this controversy has its origins
in the drafting of the Constitution and it continues to raise complex
issues for both branches. Since the beginning of the Cold War in the
mid-1940s, the debate over the roles of the two branches has included
such topics as atomic energy, satellite communications, and the
funding of research in fields such as electronics and supercomputers
and of the roles of the military v. civilian agencies.


"The Evolution and Organization of the Federal Intelligence Function:
A Brief Overview (1776-1975)," Supplementary Reports on Intelligence
Activities, Book 6, Senate Select Committee to Study Government
Operations, Report 94-755, Apr. 23, 1976.

U.S. Congress, Office of Technology Assessment, Commercial
Newsgathering From Space—Technical Memorandum, OTA-TM-ISC-40
(Washington, DC: U.S. Government Printing Office, May 1987).

Harold C. Relyea, "National Security and Information," Government
Information Quarterly, vol. 4, No. 1, 1987, pp. 11-28.


Table 11.—Selected Government Policies Related to Controls on
Information Flows: A Context for Electronic Information Security

1940s:
• Atomic Energy Act (a)
• Export Control Act (b)
• National Security Act (c)
  —establishes the Central Intelligence Agency

1950s:
• Invention Secrecy Act (d)

1960s:
• Export Administration Act of 1969 (e)

1970s:
• Arms Export Control Act of 1976 (f)
• PD/NSC-24 (g)
  —safeguard sensitive Government information in communications systems

1980s:
• Defense Authorization Act, 1984 (h)
  —controls on military and space technical data
• NSDD 189 (i)
  —clarify controls on basic research data
• NSDD 145 (j)
  —safeguard sensitive information in computer and communications systems

Recent reports:
• Air Force study of foreign access to commercial databases (k)
• Soviet acquisition of Western technology (l)
• Senate report on counterintelligence (m)

(a) Atomic (60 Stat
(b) Export Control Act of 1949 (63 Stat. 7).
(c) National Security Act of 1947 (50 U.S.C. 403, Sec. 403). This Act
also provides standards for classifying and safeguarding information
for the protection of national security, notably intelligence sources
and methods.
(d) Invention Secrecy Act of 1951 (U.S.C. 181-188).
(e) Export Administration Act of 1979 (50 App. U.S.C. 2401-2413), as
amended 1981, 1985.
(f) Arms Export Control Act of 1976 (22 U.S.C. 2571 et seq.).
(g) Presidential Directive/National Security Council-24 (PD/NSC-24),
Telecommunications Protection Policy (unclassified excerpts, dated
Feb. 9, 1979), Nov. 16, 1977 (classified).
(h) Department of Defense Authorization Act, 1984, P.L. 98-94, Sept.
24, 1983, Section 1217, Authority to Withhold from Disclosure Certain
Technical Data (10 U.S.C. 140c).
(i) NSDD 189, National Policy on the Transfer of Scientific,
Technical, and Engineering Information, Sept. 21, 1985.
(j) National Security Decision Directive 145 (NSDD 145), Policy on
Telecommunications and Automated Information Systems Security, Sept.
17, 1984.
(k) "The Exploitation of Western Data Bases," Report of the Air Force
Management Analysis Group, (Secret), June 30, 1986.
(l) Soviet Acquisition of Militarily Significant Western Technology:
An Update, Department of Defense, September 1985.
(m) "Meeting the Espionage Challenge," Senate Select Committee on
Intelligence, Report No. 99-522, Oct. 3, 1966.

The controversy over policymaking responsibilities within the Federal
Government has a direct bearing on Federal policy in information
security primarily because it influences the scope of national
interests to be embraced in such policies and, in that process, the
priorities emphasized. For example, one view of national interests
places priority on military advantage and defense capability, with
national security often being promoted through reliance on secrecy and
Government controls. Advocates of this view accept the idea of
Government control of access to information in the greater interest of
national security. The other viewpoint focuses on the United States as
a free and open society in which access to information, for realizing
scientific, economic, and intellectual achievement, should be subject
to only minimal Government control when there is clear justification.

In addition, the process by which policy is developed is becoming
increasingly important as the range of national interests affected
expands beyond national security concerns and, consequently, as
tensions among competing objectives are created. Policymaking in
Congress tends to be an open process, in contrast with the often
closed process underlying past executive branch policies concerning
communications and computer security.

Federal policy on electronic information security has also been shaped
by concerns for privacy and civil liberties. Laws have been passed
limiting warrantless Government wiretaps and prohibiting eavesdropping
on others' private communications or gaining unauthorized access to
computer systems. This path of Federal policymaking, which has its
origins with the Communications Act of 1934, has gained momentum
during the past two decades independent of concerns for foreign
intelligence gathering.

As a consequence of these various influences, most of which have
ramifications that extend well beyond information security, policy
formulation has followed at least two interdependent paths, at times
initiated by Congress and at other times by the executive branch. The
resulting policies are highlighted in table 12. In this process,
however, there has been a growing influence of defense and
intelligence interests in shaping policy for the security of
unclassified electronic information.

Until recently, Federal policies on electronic information security,
whatever their objectives, have not raised tensions. What is different
about the policies of the 1980s, however, is that some of these have
begun to affect segments of the private sector more significantly. In
contrast with earlier policies, which had negligible influence on
nondefense businesses or private citizens, recent policies have tended
to impose added burdens on some businesses, to raise concerns for new
restrictions on private sector access to unclassified, but sensitive
information, and to interject an intelligence agency in normal
business operations. (See ch. 5.)

Some of the key questions that arise are: where is policy for the
security of electronic information leading? can the current issues be
resolved? what new issues might arise? The review of the evolution of
policy in the remainder of this chapter provides limited insights into
the answers to these questions. For example, there is little
indication that any permanent change is about to occur to reconcile
the different views of the national interest and how these should be
addressed in policy on the security of electronic information. It is
more likely, given the complexity of the issues, that the narrower
ones will be addressed, such as the extent of controls on information
flows v. the ease of public access to Federal information intended by
the Freedom of Information Act, and the appropriate roles of NSA v.
NBS in providing safeguard standards for nondefense use.

Table 12.—Government Actions Affecting the Security of Information in Computer and Communications Systems

| Year | Executive Branch | Legislative Branch | Key Reports |
|---|---|---|---|
| World War I | War Department (a) | | |
| Post World War I | American Black Chamber (b) | | |
| 1934 | | Communications Act (c) | |
| 1952 | NSA created (d) | | |
| 1965 | | Brooks Act (e) | |
| 1968 | | Omnibus Crime Control and Safe Streets Act (f) | |
| 1976 | | | Senate report on Federal intelligence functions (g) |
| 1977 | NBS establishes DES as U.S. standard | | MITRE reports on communications security (h) |
| 1978 | | Foreign Intelligence Surveillance Act (i) | |
| 1979 | Policy on protection of government communications, PD/NSC-24 (j) | | RAND report on computer security (k) |
| 1980 | | | NTIA White Paper (l) |
| 1981 | Executive Order 12333 (m) | | |
| 1984 | Policy on protection of government computer and communications systems, NSDD 145 (n) | | |
| 1985 | | House hearings on computer security policy (o) | |
| 1986 | Policy on protection of sensitive information (q); NSA decision to replace DES | H.R. 145, Computer Security Act (p); Computer Fraud and Abuse Act (r); Electronic Communications Privacy Act (s) | |
| 1987 | Planned review of NSDD | House hearings on H.R. 145 (t) | House report on computer security (u) |

(a) Responsibilities of the War Department included safeguarding
classified and diplomatic messages and signals intelligence
operations.
(b) Black Chamber, Bobbs-Merrill Co., Indianapolis, 1931. As reported
in David Kahn, The Codebreakers, pp. 360-361.
(c) The Act of 1934, Section 605 (now section 705), as amended.
(d) The National Security Agency was created by a still-classified
presidential memorandum in 1952. NSA's responsibilities include
safeguarding Government classified and diplomatic communications and
foreign signals intelligence operations.
(e) Public Law 89-306.
(f) Title III of the Omnibus Crime Control and Safe Streets Act of
1968 protects the privacy of wire and oral communications and
delineates conditions under which interception of wire and oral
communications may be authorized.
(g) "The Evolution and Organization of the Federal Intelligence
Function: A Brief Overview (1776-1975)," Supplementary Reports on
Intelligence Activities, Book VI, Senate Select Committee to Study
Government Operations, Report 94-755, Apr. 23, 1976.
(h) "Study of the Vulnerability of Electronic Communications Systems
to Electronic Interception," volumes 1 & 2, the MITRE Corp., January
1977; "Selected Examples of Possible Approaches to Electronic
Communications Intercept Operations," the MITRE Corp., January 1977.
These reports were prepared under contract to the Office of
Telecommunications Policy, Executive Office of the President.
(i) Public Law 95-511 establishes standards and procedures for the use
of electronic surveillance for Government intelligence collection
within the United States, including wiretaps and radio interception.
(j) Presidential Directive/National Security Council-24 (PD/NSC-24),
Telecommunications Protection Policy (unclassified excerpts, dated
Feb. 9, 1979), Nov. 16, 1977 (classified).
(k) "Security Controls for Computer Systems," Report of the Defense
Science Board, Task Force on Computer Security. Originally published
as a classified document (R-609), February 1970. Republished as
R-609-1 by the RAND Corp., October 1979 (unclassified).
(l) "Analysis of National Policy Options for Cryptography," National
Telecommunications and Information Administration, Department of
Commerce, Oct. 29, 1980.
(m) Executive Order 12333, United States Intelligence Activities, Dec.
4, 1981. The order includes a description of certain authorities of
NSA for communications security safeguards.
(n) NSDD 145, Policy on Telecommunications and Automated Information
System Security, Sept. 17, 1984, assigns responsibility for computer
and communications security to a single executive agent, the Secretary
of Defense, and a single national manager, the Director of NSA.
(o) Hearings on computer security policies, House Subcommittee on
Transportation, Aviation, and Materials, Committee on Science and
Technology, June 27, 1985.
(p) The Computer Security Act of 1986 (now 1987), H.R. 145.
(q) Policy on Protection of Sensitive, but Unclassified Information in
Federal Government Telecommunication and Automated Systems, NTISSP No.
2, Oct. 29, 1986. This policy provides a definition of such sensitive
information and notes the responsibilities of department heads for
deciding when safeguards are warranted. This policy was rescinded in
March 1987 by Frank Carlucci, Chairman, National Security Council, and
at the same time, a review of NSDD 145 was ordered.
(r) Public Law 99-474 provides penalties for unauthorized access to
certain financial records in computer systems and for trespassing on
Federal computers.
(s) Public Law 99-508 amends Title III of the Omnibus Crime Control
and Safe Streets Act of 1968. It protects against the unauthorized
interception of electronic communications.
(t) Hearings on H.R. 145 of the House Subcommittee on Legislation and
National Security, Feb. 25-26, and Mar. 17, 1987, and joint hearings
of the House Subcommittee on Transportation, Aviation and Materials,
Feb. 26, 1987.
(u) House report 100-153, Parts 1 and 2, June 11, 1987, 100th Cong.,
1st Sess.

Finding an appropriate balance between these different views is not
easy. Both are embodied in laws and policies, and both have strong
advocates within and outside Government. Moreover, they have an
existence that transcends the current debate over information
security. Still, the issues raised by the debate demand attention now
because of the implications of information security for the conduct of
government, business, science, and our personal lives.

Two important shifts appear to be occurring, however. The first is a
wider recognition of the impacts of policies on users of information
security products and on providers of information services,
particularly where the public does not understand or agree with the
need for controls, or where impacts fall unevenly. The second major
shift, one that is still being deliberated, is a reluctance by
Congress to accept executive branch policies on information security
when they require subordinating other important national interests.
These two trends suggest that future policies for national security
will have to be integrated with other interests, or alternative means
found for satisfying them, such as through the technological and
administrative safeguard measures noted in chapters 4 and 5.


THE EVOLUTION OF FEDERAL POLICY FOR SAFEGUARDING
UNCLASSIFIED INFORMATION IN COMMUNICATIONS AND
COMPUTER SYSTEMS


Executive Branch Activities in Information Security

Government policies have focused on the confidentiality of electronic
communications since before World War I. These policies provided the
means for protecting classified defense and diplomatic messages
transmitted over Government and commercial communications systems. For
most of this century, U.S. policies included both communications
security and signals intelligence operations against foreign
governments. These functions became dispersed within each of the
military departments, but were consolidated with the creation of the
National Security Agency (NSA) within DoD in 1952.


For an account of early Government intelligence operations, including
wiretapping, codemaking, and codebreaking, see: Supplementary Reports
on Intelligence Activities, Book 6, Final Report of the Select
Committee to Study Government Operations with respect to Intelligence
Activities, U.S. Senate, Report No. 94-755, Apr. 23, 1976.

James Bamford, The Puzzle Palace (New York, NY: Penguin Books, 1983),
p. 206. The Army's cryptologic capability dates at least to World
War I.

Ibid., p. 81. NSA was created by a top secret presidential order
signed by President Harry S Truman on Oct. 24, 1952.


While U.S. defense agencies have long had an interest in preventing
Soviet acquisition of various militarily useful equipment produced in
this country or by our allies, they have also begun of late to urge
export protection of technical information that could be used for
military or commercial purposes. Consequently, in some policy circles,
the concept of national security, which in times past was very
familiar to our understanding of "national defense and foreign
policy," has taken on a broader meaning, one encompassing a wide range
of economic, technical, scientific, and business information.

At the same time, two other concerns have arisen. One is over Soviet
and other countries' electronic intelligence gathering in the United
States. A second involves an increase in the range of potential
international adversaries. No longer are they perceived as limited to
military and diplomatic opponents, but include economic rivals as well
as terrorists, drug traffickers, and organized crime.

From such considerations has come an increasing interest in protecting
information that, although not classified, is nevertheless important
or sensitive enough alone or in combination with other unclassified
information to warrant special precautions. As a consequence, a new
category of unclassified, but sensitive information has developed.

Computer Security 

Executive branch interest in computer security began with the
establishment of a task force in 1967 to recommend safeguards to
protect classified information in multi-access, resource-sharing
computer systems. The work of the task force, which was sponsored by
DoD's Defense Advanced Research Projects Agency, resulted in a
classified report issued by the Defense Science Board in 1970, a
declassified version of which was published in 1979.

At the same time, NSA, which was concerned about the vulnerability of
the U.S. banking system, began encouraging NBS to become involved in
computer security. Based on the authority of the Automatic Data
Processing Equipment Act (widely known as the Brooks Act) of 1965, NBS
was already developing performance standards for computers used by the
Federal Government. As a result, NBS and the Association of Computing
Machinery cosponsored a conference in 1972 on computer security.
Following the conference, NBS initiated a program in computer and
communications security in 1973 based on the Brooks Act. This program
led to the adoption in 1977 of the Data Encryption Standard (DES), as
a national standard for cryptography. (See ch. 4.)

Since then, NBS has published dozens of Federal Information Processing
Standards and guidelines, validated commercial encryption devices,
participated in voluntary standards groups, assisted other civilian
agencies, and, with NSA, cosponsored annual conferences on computer
security. NBS also works with users and vendors in developing many of
their products. Recently, the agency has contributed to the
development of standards for network security as part of the "open
system interconnection network."


Security Controls for Computer Systems, Report of Defense Science
Board Task Force on Computer Security, Office of the Secretary of
Defense. Originally published as a classified document (R-609),
February 1970; republished as an unclassified document (R-609-1),
October 1979, by the RAND Corp., Willis Ware, editor.

Public Law 89-306, Automatic Data Processing Equipment Act of 1965.

The 1970 task force report also prompted DoD to improve the security
of classified information in computer systems. Research and
development undertaken by the Air Force, Defense Advanced Research
Projects Agency, and other defense agencies in the early- and
mid-1970s demonstrated approaches to technical problems associated
with controlling shared-use computer systems.

As a result of these activities, DoD launched the Computer Security
Initiative in 1978, a program largely transferred to NSA in 1981, to
address the department's computer security needs. The program became
the National Computer Security Center (NCSC) in 1984 with the issuance
of NSDD-145. NCSC develops standards and guidelines, evaluates
computer hardware and software security properties, undertakes
research and development, and trains users. According to NCSC
literature, the center addresses the Nation's computer security
problems rather than just those associated with classified information
or defense agency requirements.

Many of NCSC's activities affect civilian
agencies and the private sector. Among these
are the development of criteria for evaluating
the security of trusted computers, known as
the "Orange Book." NCSC, or other parts
of NSA, rate commercial products based on
the orange book criteria and train people in
computer security, evaluate commercial DES
products and other cryptographic devices,
design cryptographic modules for vendor
manufacture, and develop secure telephone
equipment. NCSC also publishes standards and
guidelines for computer security and participates
in voluntary standards activities with
industry. (See ch. 5.)

J. P. Anderson, "Computer Security Technology Planning
Study," ESD-TR-73-51, vol. I, AD-758 206, ESD/AFSC,
October 1972.

Department of Defense Trusted Computer System Evaluation
Criteria, DoD 5200.28-STD, December 1985. See also
CSC-STD-001-83, Aug. 15, 1983.

Under the Commercial Communications Security Endorsement
Program.

Communications Security
PD/NSC-24

Increasing concern during the mid-1970s
about Soviet interception of unclassified U.S.
domestic communications led to a change in
executive branch policy. Presidential
Directive/National Security Council-24 (PD/NSC-24)
was signed by President Jimmy Carter in 1977.
It expanded the authority of DoD and, in a
more limited way, the Department of Commerce,
for safeguarding unclassified, but sensitive
communications that "would be useful
to an adversary." PD/NSC-24 directed Federal
department heads to protect unclassified,
but sensitive communications. It assigned
responsibility to DoD for the security of classified
communications and for unclassified, but
sensitive communications related to national
security. It also assigned responsibility to the
Department of Commerce for raising users'
awareness of the vulnerability to interception
of communications systems. In addition,
PD/NSC-24 charged the Defense and Commerce
Departments with developing a joint proposal
for a national policy on cryptography. DoD's
responsibilities were carried out by NSA and
Commerce's National Telecommunications
and Information Administration (NTIA).

Several DoD directives were issued to implement
PD/NSC-24. The first, National Communications
Security Council Policy-10 (NCSC-10),
called for the protection of sensitive information
transmitted by the Government or
DoD contractors over satellite links. It was
followed by NCSC-11, which broadened
NCSC-10 to protect all transmission systems
carrying sensitive information from Government
and DoD contractors. Neither NCSC-10
nor NCSC-11 included a funding mechanism,
but NSA issued National Communication
Security Instruction 6002 in 1984. It authorized
Federal agencies and Government
contractors to purchase approved equipment
and services to protect unclassified, but sensitive
information. (See ch. 5.) For its part,
NTIA conducted seminars on communications
vulnerabilities for more than 1,500 Federal
employees.

Presidential Directive/National Security Council-24
(PD/NSC-24), Telecommunications Protection Policy (unclassified
excerpts, dated Feb. 9, 1979), Nov. 16, 1977 (classified).

National Policy for the Protection of U.S. National Security
Related Information Transmitted over Satellite Systems,
NCSC-10, Apr. 26, 1982. The National Communications Security
Council was a predecessor organization to that established
under NSDD-145.

DoD and Commerce were not able to develop
a joint proposal for a national policy on cryptography,
however, because of disagreements
over compromises concerning national security,
trade, innovation, and First Amendment
rights. Instead DoD and Commerce submitted
separate proposals. Essentially, the DoD proposal
called for a continuation of various Government
controls on cryptography, such as on
patents and the export of equipment and technical
data, while Commerce proposed minimizing
these controls and argued for greater sensitivity
to the negative effects they have on
broader national interests.

The NTIA effort under PD/NSC-24 was hindered
significantly by the absence of definitions
of the terms "sensitive information" and
"useful to a foreign adversary" that could
serve as practical guides to department heads.
This shortcoming is significant because the
broad definition provided in NSDD-145 later
had to be withdrawn due to public apprehension
about its potentially wide applicability.

National Policy for Protection of Telecommunication Systems
Handling Unclassified National Security Related Information
(NCSC-11), May 3, 1982.

Protection of Government Contractor Telecommunications,
National Communication Security Instruction 6002
(NACSI-6002), June 1984.

This assessment stems from OTA staff interviews in April
1987, with former NTIA officials involved in developing the
Department of Commerce proposal for a national policy on
cryptography. Also, see "White Paper: Analysis of National Policy
Options for Cryptography," National Telecommunications and
Information Administration, U.S. Department of Commerce,
Oct. 29, 1980.
PD/NSC-24 had at least two notable effects:
it pioneered an experiment by assigning some
limited responsibility for safeguarding Government
communications to a civilian agency
(the Commerce Department) and it provided
authority for NSA to protect unclassified
communications. The assignment to NSA was the
beginning of a trend toward consolidating and
broadening responsibilities for the security of
unclassified electronic information within DoD.

The joint Defense and Commerce programs,
begun in 1978 under PD/NSC-24, were short-lived.
They ended when NTIA's involvement
was discontinued in 1982 due to reasons of general
agency budget reductions. Further,
PD/NSC-24 itself was superseded by NSDD-145
in 1984. Many of the activities initiated under
PD/NSC-24 now come under the authority of
NSDD-145.

NSDD-145 

The current national charter for information
security is provided by Executive Order
12333 and National Security Decision Directive
145 (NSDD-145). Executive Order 12333
assigns to the Secretary of Defense responsibility
for making Government communications
secure.

NSDD-145 is the current fundamental policy
for communications and computer security.
It:

• recognizes the merging of communications
and computer technology and is intended
to direct a coordinated approach
to securing both types of systems;

• continues the emphasis on protecting
unclassified, but sensitive information begun
under PD/NSC-24;

• assigns responsibility for computer and
communications security solely to a single
executive agent, the Secretary of Defense,
and a single national manager, the
Director of the National Security Agency;
and

• establishes a specific responsibility for
major Government resources to be used
to “encourage, advise, and if appropriate
assist the private sector to protect
against exploitation of communications
and automated information systems.”

Executive Order 12333, United States Intelligence
Activities, Dec. 4, 1981.

NSDD-145 states that telecommunications
and automated information systems “are
highly susceptible to interception, unauthorized
electronic access, and related forms of
technical exploitation, as well as other forms
of hostile intelligence threat.” It recognizes
that exploitation can occur from terrorist
groups and criminal elements, and that private
or proprietary information can become targets
for foreign exploitation. NSDD-145 focuses on
unclassified, but sensitive electronic “Government
and Government-derived information,
the loss of which could adversely affect the
national security interest.”

The directive establishes an interagency 
organization that includes virtually all Federal 
defense, intelligence, and law enforcement, as 
well as some civilian agencies. The leadership 
of the interagency group is also responsible for 
the security of classified information. 

The organizational structure is shown in
table 13. The key points to note are:

• The Systems Security Steering Group

the implementation of NSDD-145.
It is composed of the secretaries of
State, Treasury, and Defense, the Attorney
General, the director of the Office of
Management and Budget, and the director
of the Central Intelligence Agency, and
was chaired by the President's advisor for
National Security Affairs as recently as
1987.

• Working under the steering group’s guidance
is the National Telecommunications
and Information Systems Security Committee
(NTISSC), which develops operating
policies and provides security guidance
to Government agencies. NTISSC is
composed of representatives of Government
agencies and departments having
principal or major missions in military,
intelligence, and law enforcement, among
others. It is chaired by the assistant secretary
of defense (for command, control,
communications, and intelligence).

• The interagency group’s executive agent
for telecommunications and information
systems security is the Secretary of Defense,
who approves standards and doctrine,
and reviews the security budgets of
other departments and agencies.

• The national manager for telecommunications
and automated information systems
security is the director of NSA, who serves
as the Government focal point for cryptography,
telecommunications, and automated
information systems security, conducts
R&D for security, and approves all
standards, techniques, systems, and equipments
for the security of these systems.

Table 13.—Committees Guiding the
Implementation of NSDD 145

Systems Security Steering Group:

1. Secretary of State
2. Secretary of the Treasury
3. Secretary of Defense*
4. Attorney General
5. Director of OMB
6. Director of Central Intelligence*
7. Assistant to the President for National Security
   Affairs, chair*

National Telecommunications and Information Systems
Security Committee:

Consists of a voting representative of each of the above,
plus a representative designated by each of the following:

8. Secretary of Commerce
9. Secretary of Transportation
10. Secretary of Energy
11. Chairman, Joint Chiefs of Staff*
12. Administrator, GSA
13. Director, FBI
14. Director, Federal Emergency Management Agency
15. Chief of Staff, Army*
16. Chief of Naval Operations*
17. Chief of Staff, Air Force*
18. Commandant, Marine Corps*
19. Director, Defense Intelligence Agency*
20. Director, National Security Agency*
21. Manager, National Communications System*
22. Assistant Secretary of Defense for Command,
    Control, Communications, and Intelligence, chair*

*Denotes a representative closely associated with the
defense/national security community.

SOURCE: Donald C. Latham, Assistant Secretary of Defense,
Command, Control, Communications and Intelligence, testimony
before the House Subcommittee on Transportation, Aviation,
and Materials and Subcommittee on Science, Research, and
Technology, Feb. 26, 1987. See also NSDD 145, Sept. 17, 1984.

Critics of NSDD-145 have charged that the
organization is dominated by defense and
intelligence interests and that the National Security
Council, as chair of the steering group, acts
in a decisionmaking capacity rather than as
an advisor to the President. They also charge
that NSDD-145 raises a conflict by giving authority
to NSA to develop standards for computer
security, authority that was previously
given to NBS under the Brooks Act. The conflict
has caused manufacturers and business
users of information security products to question
which Government agency has leadership
for standards development, equipment endorsement,
and related functions, and raised
the issues of the appropriate division of responsibility
between civilian and military agencies,
as well as the secrecy and absence of open
accountability of NSA.

Definition of Sensitive Information 

Finally, there has been considerable concern
over public access to unclassified, but sensitive
information (see below). One main reason
was the definition of the term as information
whose loss, misuse, alteration, or destruction
“could adversely affect national security or
other Federal interests.” These national security
interests were defined as:

. . . matters that relate to the national defense
or the foreign relations of the U.S. Government.
Other Government interests are those
related, but not limited to the wide range of
Government or Government-derived economic,
human, financial, industrial, agricultural,
technological, and law enforcement information,
as well as the privacy or confidentiality of personal
or commercial proprietary information
provided to the U.S. Government by its
citizens.

Shortly after this definition was issued, Diane
Fountaine, director of information systems
for the Office of the Assistant Secretary of Defense,
Command, Control, Communications
and Intelligence, spoke before the Information
Industry Association in New York City on
November 11, 1986. This official was widely
quoted as saying:

I don't believe that the issue is whether or
not we [DoD] are going to protect information.
I really believe that the issue is what information
we are going to protect, both from the
Federal Government, both within DoD and
also within industry.

National Policy on Protection of Sensitive, but Unclassified
Information in Federal Government Telecommunications
and Automated Systems, NTISSP No. 2, Oct. 29, 1986.

The overall statement was apparently intended
to assure listeners that the restrictions
would apply to Soviet access to U.S. databases
and not to the U.S. scientific and technical community.
Nevertheless, it was generally seen as
foreboding by those who fear further Federal
restrictions on unclassified information.

At about the same time, two other related
events were publicized that reinforced concerns
for Government restrictions on unclassified
information. One involved reports of a classified
Air Force study on foreign access to databases
in the United States and other Western countries,
and what can be done to limit such access.
The other involved well-publicized
visits to commercial database firms by representatives
from the Federal Bureau of Investigation,
Central Intelligence Agency, and
NSA asking how controls might be placed on
subscribers to their systems. These visits received
considerable publicity by the news
media.

Policy Development in Congress 

While passing legislation that provided the
legal basis for some Government controls on
information, Congress has also sought to protect
the confidentiality of electronic communications
and computer information as well as
individuals’ rights and privacy. The laws identified
below illustrate this trend, which has
been occurring simultaneously and parallel to
executive branch directives aimed at national
security concerns. Still other laws, not shown,
protect the privacy of individuals, such as the
Privacy Act and the Fair Credit Reporting Act.

Draft transcript of speech by Diane Fountaine’s presentation
at the Information Industry Association Annual Convention,
Nov. 11, 1986. Transcript provided by the Information
Industry Association. See also “Pentagon Weighs Data Bank
Curbs,” New York Times, Nov. 11, 1986.

Op. cit., Fountaine statement.

“Pentagon Weighs Data Bank Curbs,” New York Times,
Nov. 12, 1986; “Are Data Bases A Threat to National Security?”
Business Week, Dec. 1, 1986.

The Communications Act of 1934, Section 605
(now Section 705), as amended, provides that
"No person not authorized by the sender shall
intercept any communications and divulge . . .
the content." Notwithstanding this legislation
and the 1938 Supreme Court interpretation
(Nardone v. United States, 302 U.S. 379) that
Section 605 prohibited all telephone wiretapping
even when done by Federal Government
officers, Government wiretapping continued.

Title III of The Omnibus Crime Control and
Safe Streets Act of 1968 includes sections that
protect the privacy of wire and oral communications,
and delineate on a uniform basis the
circumstances and conditions under which the
interception of wire and oral communications
may be authorized.

The Foreign Intelligence Surveillance Act of
1978 (Public Law 95-511) establishes legal
standards and procedures for the use of electronic
surveillance in collecting foreign intelligence
and counterintelligence within the
United States. Electronic surveillance is defined
to include wiretaps, radio intercepts, and
other forms of surveillance.

The Electronic Communications Privacy Act
of 1986 (Public Law 99-508) protects against
the unauthorized interception of electronic
communications. It amends Title III of the
Omnibus Crime Control and Safe Streets Act
of 1968. The Electronic Communications Privacy
Act addresses three limitations in Title
III protection that had developed as a result
of technological changes. The limitations
concern the “aural acquisition” of oral communications
(in contrast with the acquisition
of digital communications), communications
over nonwire facilities, and communications
over systems other than public telephone
systems.

U.S. Congress, Office of Technology Assessment, Federal
Government Information Technology: Electronic Surveillance
and Civil Liberties, OTA-CIT-293 (Washington, DC: U.S.
Government Printing Office, October 1985), p. 18.

Ibid., pp. 18-21.

Ibid., pp. 20-21.

For a more thorough discussion of technological changes
and the legal protections for the privacy of communications see:
Federal Government Information Technology: Electronic
Surveillance and Civil Liberties, OTA-CIT-293, op. cit., October
1985.

The Electronic Communications Privacy Act
of 1986 extends legal protection in each of these
areas. It prohibits unauthorized interception
of video and data communications. It defines
“electronic communication” to include “any
transfer of signs, signals, writing, images,
sounds, data, or intelligence of any nature.”
Exceptions to this include the radio portion
of a cordless telephone communication, any
communication made through a tone-only paging
device, and any communication made
through a tracking device, such as is used for
electronic surveillance. The 1986 act also extends
protection to communications transmitted
“in whole or in part by a wire, radio,
electromagnetic, photoelectronic or photo-
optical system.”

Communications also are protected against
intentional interception regardless of the
means by which they are transmitted. But the
inadvertent reception of satellite transmissions
or radio communications is not penalized. The
Electronic Communications Privacy Act also
protects against the disclosure of stored wire
and electronic communications (e.g., electronic
mail records) and provides legal standards for
access to the transactional records of communications
providers. These extended protections
address some of the vulnerabilities of
communication systems identified in chapter 3.

The Computer Fraud and Abuse Act of 1986
(Public Law 99-474) provides penalties for unauthorized
access to certain financial records
in computer systems, including a 5-year felony
provision for unauthorized access to a “Federal
interest computer” with an intent to defraud.
It also provides for a penalty for intentional
trespassing on Federal computers. The
act establishes a felony provision for malicious
damage to a Federal interest computer and a
misdemeanor provision for posting passwords
on “pirate bulletin boards.”

Public Law 99-474, The Computer Fraud and Abuse Act
of 1986, signed into law Oct. 16, 1986. Computer Crime and
Security, Issue Brief, Congressional Research Service, IB85155,
Mar. 10, 1987.


GOVERNMENT CONTROLS ON UNCLASSIFIED INFORMATION 


Controls Through Legislation 

At the same time that it sought to protect
individual rights and privacy from Government
and other intrusions, Congress also gave
the executive branch authority to limit public
access to certain kinds of information, both
classified and unclassified. A series of laws
were enacted that gave the President and certain
department and agency heads power to
withhold information to protect its secrecy and
to restrict access to it.

The Atomic Energy Act of 1946 (60 Stat. 755).
One of the Federal Government's oldest mechanisms
for controlling scientific communications,
the Atomic Energy Act of 1946, had its
origins in the rigid secrecy surrounding the
World War II Manhattan Project and the Government
monopoly on atomic energy research
and development. The Atomic Energy Act
created the category of Restricted Data, which
it defined as "all data concerning (1) design,
manufacture or utilization of atomic weapons;
(2) the production of special nuclear material;
or (3) the use of special nuclear material in the
production of energy." A revised version,
enacted as the Atomic Energy Act of 1954 (68
Stat. 919; 42 U.S.C. 2011-2296), permitted access
and retention to some Restricted Data by
private firms engaged under license in industrial
applications of nuclear power, provided
that they obtained the necessary security clearances
and abided by the required information
controls.

U.S. Congress, House Committee on Government Operations,
"The Government’s Classification of Private Ideas,"
House Report 96-1540, 96th Cong., 2d sess., Dec. 22, 1980.
Without explicitly using the phrase "born
classified," the Atomic Energy Act provides
that Restricted Data is subject to secrecy from
the moment of its creation, even though the
creator may be a private individual. The Government
has taken legal action against private
parties, most notably The Progressive magazine,
which was planning to publish an article
(based on declassified, publicly available information)
on the workings of a hydrogen bomb.
The Government sought to restrain the magazine
from printing the story. A court preliminary
injunction was later vacated after similar
information was published in a newspaper.

The act’s scope was broadened in 1981 to
permit the Secretary of Energy to prohibit dissemination
of certain unclassified information
if dissemination could reasonably be expected
to have a significant adverse effect on the
health and safety of the public or the national
defense and security by significantly increasing
the likelihood of illegal weapons production
or theft, diversion, or sabotage of nuclear
materials, equipment, or facilities. Declassification
alone may not release certain types of
information from statutory control of its
dissemination.

The Export Administration Act and Arms Export
Control Act. Both the Export Administration
Act (50 U.S.C. App. 2401-2420) and the
Arms Export Control Act (22 U.S.C. 2751-2794)
provide authority to control the dissemination
to foreign nationals of scientific and
technical data related to items requiring export
licenses according to the Export Administration
Regulations (EAR) or the International
Traffic in Arms Regulations (ITAR). The
implementing regulations are administered by
the Department of Commerce, which licenses
items subject to EAR, and by the Department
of State, which licenses items subject to ITAR.
The export of communications and computer
security products and technical data are controlled
through EAR and ITAR. The Defense
Department plays an advisory role regarding
the application of these regulations to technical
data.

Harold C. Relyea, “National Security Controls and Scientific
Information,” CRS Issue Brief IB82083, June 17, 1986,
p. 7.

In contrast, uncontrolled dissemination of declassified
documents (through NTIS, for example) has been criticized
as being a continuing and important source of U.S. technology
for the Soviet Union. See, for example: Soviet Acquisition of
Militarily Significant Western Technology: An Update, DoD,
1985; and “Baldridge Claims U.S. Agencies Give Technology
to Soviets,” Research and Development, April 1985, p. 54.

The term “technical data” is defined broadly
to restrict the domestic dissemination of scientific
and technical information to foreigners,
including the presentation of papers at open
scientific meetings. This broad definition of
“export” and the extent to which much scientific
research can be (at least indirectly) related
to items subject to controls have aroused much
controversy during the past 7 years. The controversy
pits the research and academic communities
against the Departments of Commerce,
State, and Defense.

Specific issues have included prepublication
review clauses and other contract restraints
on unclassified Government-sponsored university
research, controls on foreign visitors, inquiries
into and restrictions on foreign student
activities (including access to supercomputer
and advanced materials research), and DoD
controls on the content of scientific communications
at normally open professional meetings.
An example of the latter was the meeting held
by the Society of Photo-Optical Engineers in
1982, at which DoD forced the withdrawal of
about 100 unclassified technical papers.

Relyea, op. cit., CRS IB82083, p. 8.

See, for example: “Federal Restrictions on the Free Flow
of Academic Information and Ideas,” Government Information
Quarterly, vol. 3, No. 1, 1986; Mitchel B. Wallerstein,
“Scientific Communication and National Security in 1984,” Science,
vol. 224, pp. 460-466; Paul Mann, “Strictures on Non-Secret
Data Concern Scientific Community,” Aviation Week and Space
Technology, Nov. 19, 1984, pp. 24-25; James K. Gordon,
“Universities Resisting Potential Supercomputer Access Restrictions,”
Aviation Week and Space Technology, Aug. 26, 1985, pp. 59-62.

One of the outcomes of these controversies was the establishment
of an ad hoc National Academy of Sciences Panel on
Scientific Communication and National Security, chaired by
Cornell University president-emeritus Dale Corson. The Corson
panel report concluded that national policies of “security through
secrecy” would ultimately weaken U.S. technological capabilities
and recommended that contract controls be used for the
(few) “gray” unclassified areas that could not reasonably be
completely open.
The Invention Secrecy Act. The Invention
Secrecy Act of 1951 (35 U.S.C. 181-188) provides
that whenever the publication or disclosure
by the grant of a patent on an invention
(whether or not the Government has a property
interest) might, in the opinion of the Secretary
of Energy or the head of any designated
defense agency (and the Department of Justice),
be detrimental to national security, then
that agency head can request the Commissioner
of Patents and Trademarks to order that
the invention be kept secret and withhold
granting a patent. A patent secrecy order is
issued for one year, but may be extended.

In addition to domestic patent secrecy orders,
the Invention Secrecy Act provides that a
license must be obtained from the Commissioner
of Patents and Trademarks before filing
any foreign patent application or registering
any such design or model with a foreign
patent office or agency for an invention made
in the United States (35 U.S.C. 184).

Although the number of secrecy orders on
cryptography patent inventions is small now,
that was not always the case. According to a
former director, NSA rescinded 62 of them in
one year alone and sponsored 260 secrecy
orders over a period of time. It is not clear
how much of a chilling effect prospective
secrecy orders have on inventors.

The Defense Authorization Act of 1984. The
Defense Authorization Act of 1984 provides
authority to the Secretary of Defense to withhold
from public disclosure certain technical
data with military or space applications. The
data must be in the possession or under the
control of DoD and must fall within the scope
of U.S. export control regulations (i.e., the data
must be already subject to export controls).33

Testimony of NSA Director, Admiral Bobby R. Inman, before
the House Subcommittee on Government Information, Mar.
20, 1980. Also see "White Paper: Analysis of National Policy
Options for Cryptography," National Telecommunications and
Information Administration, Department of Commerce, Oct.
29, 1980.

33 Department of Defense Authorization Act, 1984, Public
Law 98-94, Sept. 24, 1983, Sec. 1217, Authority to Withhold
from Public Disclosure Certain Technical Data. 10 U.S.C. 140c.


Executive Branch Directives
and Other Restrictions

As a compromise response to the controversy
concerning restraints on the communication
of scientific research and to the National
Academy of Science’s Corson Panel
Report, President Ronald Reagan issued a
directive on the transfer of scientific, technical,
and engineering information on September
21, 1985. Known as National Security Decision
Directive 189 (NSDD-189), the directive
sought to minimize controls on fundamental
research and to use classified procedures where
controls are needed.

Specifically, NSDD-189 states:

. . . to the maximum extent possible, the products
of fundamental research remain unrestricted.
It is also the policy of this Administration
that, where the national security
requires control, the mechanism for control of
information generated during Federally funded
fundamental research in science, technology,
and engineering at colleges, universities, and
laboratories is classification. . . . No restriction
may be placed on the conduct or reporting of
Federally funded fundamental research that
has not received national security classification,
except as provided in applicable U.S.
statutes.

NSDD-189 made Federal agencies sponsoring 
research responsible for determining, before 
the award of a research contract or grant, 
whether classification is appropriate and for 
periodically reviewing grants and contracts for 
potential classification. 

The directive did not quell all controversy,
however, because it left "applicable U.S. statutes,"
such as the export control laws, available
as an alternative method of controlling
federally sponsored, unclassified research results.
Since export controls on scientific information
had been a cause of the original controversy,
NSDD-189 thus failed to resolve the
issue.

See: Relyea, op. cit., CRS IB82083, pp. 12-13; and "Reagan
Issues Order on Science Secrecy: Will It Be Obeyed?" Physics
Today, November 1985, pp. 55-58.
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Meanwhile, the National Aeronautics and 
Space Administration (NASA) limits its dis- 
tribution of some unclassified scientific and 
technical information, including that pertain¬ 
ing to dual-use technologies such as the space 
station, satellites, experimental aircraft, or 
transatmospheric vehicles. Such data can be 
restricted from dissemination to foreigners 
through export control laws, particularly 
through ITAR, or through other means (see 
below), if they have significant potential do¬ 
mestic benefit. Some NASA officials, however, 
feel a need for stronger protection against Free 
dom of Information Act requests from citizens 
of foreign countries. NASA officials try to 
screen such requests for unclassified reports 
listed in the RECON database, which contains 
abstracts and briefs from NASA technical 
reports. Foreign requesters are referred to the 
Department of State for licensing if the mate¬ 
rial is subject to ITAR. 

NASA’s charter calls for the agency to dis¬ 
seminate information in an “appropriate” man¬ 
ner. This can include “early domestic dissem¬ 
ination” of data that is subject to limited 
distribution, in which case the data is made 
available to U.S. industry with the proviso that 
it not be published or disseminated abroad for 
a period of time. In some cases, “appropriate” 
dissemination may be determined by consid¬ 
eration of U.S. economic competitiveness as 
well as by national security concerns.

NASA does not make the services and documents in its
technical utilization program available to foreign
requesters or to their domestic U.S. representatives. For
many years the NASA Scientific and Technical Information
Facility has screened all requests for subscription to NASA
Tech Briefs, technical support packages, and other
documentation. This practice, apparently motivated by
concerns for national security and/or economic
competitiveness and inferred from the export control laws,
resulted in the NASA “No-no” list often being cited in the
controversies surrounding National Telecommunications and
Information Systems Security Policy Number 2 (NTISSP No. 2) 37
and the prospect of Government controls on commercial
databases.

OTA telephone interview with G. T. McCoy, NASA Office of the
General Counsel, Patent Counsel Section, Mar. 31, 1987;
comments from R. F. Kempf, Associate General Counsel for
Intellectual Property Law, NASA, received May 8, 1987.

Walter Heiland in NASA memo, “The So-called No-No List,”
dated Sept. 30, 1986.

NTISSP No. 2 was formally adopted as na¬ 
tional policy on October 29, 1986. It defines 
unclassified, but sensitive information to be 
used in accordance with the telecommunica¬ 
tions and automated information system secu¬ 
rity policy set out in NSDD-145. NTISSP No. 
2 extended Federal concerns for safeguarding 
information beyond national security interests 
to concerns for broader national interests as 
described above. Federal agency and depart¬ 
ment heads were directed to identify unclassi¬ 
fied, but sensitive information that might 
warrant protection in telecommunications or 
information processing systems, to determine 
in coordination with the National Security 
Agency (NSA) the threats to and vulnerabilities of these
systems, and to implement appropriate security measures
consistent with Office of Management and Budget Circulars
A-123 and A-130. (See ch. 5.)

NTISSP No. 2’s broad definition of unclassified, but
sensitive information and its implied extension of NSDD-145
into such a wide range of public and private sector
information systems caused considerable controversy and
outcry, as noted earlier, particularly because of
implications for controls on scientific and financial
information and commercial databases. NTISSP No. 2 was
rescinded in March, 1987.

NSA does not have statutory authority to require
prepublication review of independent, nongovernment
research in cryptography. Nevertheless, the agency has
attempted during the past decade to control publication and
research funding in cryptography, efforts that have caused
controversy. In the mid- and late 1970s, NSA attempted to
assume the responsibilities of the National Science
Foundation for funding unclassified cryptographic research,
including reviewing research proposals and results.

37 Op. cit., National Policy on Protection of Sensitive, but
Unclassified Information in Federal Government
Telecommunications and Automated Information Systems,
Oct. 29, 1986.

“Making Waves: Poindexter Sails Into Scientific Databases,”
Physics Today, January 1987, pp. 51-52.

NSA has also requested patent secrecy orders on
applications for cryptographic equipment and algorithms
under authority of the Invention Secrecy Act. Controversy
concerning two secrecy orders led NSA to request the
American Council on Education (ACE) to form a study group on
cryptography. The ACE group was assembled in 1980 and issued
its report the next year. It recommended the establishment
of a voluntary prepublication review arrangement between
NSA and academic researchers.

See ch. 4. See also Tom Ferguson, “Private Locks, Public
Keys and State Secrets: New Problems in Guarding Information
with Cryptography,” Center for Information Policy Research,
Harvard University, April 1982, and “The Government's
Classification of Private Ideas,” House Committee on
Government Operations (op. cit.).

As a result, NSA established a voluntary process for
cryptographic manuscripts, with simultaneous review by NSA
officials and professional journals, and with an appeals
committee. Although the merits of such a process are still
subject to some debate, some participants consider that it
works in a reasonably satisfactory manner. According to
Science magazine, about 200 papers had been submitted to
NSA for review by 1984. According to NSA, of that number,
nine papers were challenged. Six of these were modified and
three withdrawn.


“Report to the Public Cryptography Study Group,” Academe,
vol. 67, December 1981.

Mitchel B. Wallerstein, “Scientific Communications and
National Security in 1984,” Science, vol. 224, pp. 460-466.


THE ENVIRONMENT FOR POLICY DEVELOPMENT 


The Early Environment 

Cryptography has long been the principal method for
protecting the confidentiality of communications. Since
World War I, and increasingly during the past four decades,
the Federal Government has been the Nation’s main source of
expertise in the U.S. for developing cryptographic
techniques. With rare exceptions, these developments,
including cryptographic algorithms, have been kept secret,
as has similar work in other nations.

Prior to the mid-1970s, there were relatively few external
complications to communications policies based exclusively
on national security concerns. NSA, and DoD generally, had
responsibility for communications security and the private
sector had little interest in cryptographic technology. The
Government could protect its interest by classifying R&D,
controlling patent grants and exports, and monopolizing
talent in the field. Any negative effect of this secrecy
and controls on private sector activities, presumably, have
been relatively minor, with the possible exception of
restrictions on patents and exports of cryptographic
equipment and technical data.

The Changing Environment and
Federal Policies

During the past decade, a number of events 
have changed the external environment, changes 
that are still taking place. The first of these 
has to do with shifts in Federal policy and the 
second concerns the changing external envi¬ 
ronment for policymaking. 

Federal policy took a sharp turn in the 1970s when a
nondefense agency, NBS, became involved in cryptography for
the first time. The result of NBS' efforts, which NSA
assisted, was adoption of the Data Encryption Standard (DES)
as a national standard for cryptography, the inner workings
of which were published in the open literature.

The change in policy direction from secrecy 
to openness appears to have signaled increas¬ 
ing interest in the defense and intelligence com¬ 
munities in finding ways to thwart the ability 
of the Soviet Union and others to gain access 
to unclassified, unprotected U.S. communica¬ 
tions. The policy shift is widely known to have 
triggered debate within NSA as to the tradeoffs 
between potential gains in securing commu¬ 
nications at the expense of losses to the agency's 
signals intelligence mission. Debates outside 
of the agency questioned whether NSA, in view 
of its signals intelligence mission, would per¬ 
mit a high quality cryptographic algorithm to 
be published in its entirety. 

Then, in the late 1970s, heightened Federal 
concern for foreign interception of U.S. Gov¬ 
ernment and private sector communications 
resulted in the issuance of Presidential Direc¬ 
tive/National Security Council 24, as noted 
earlier. PD/NSC-24 called for raising public 
awareness of the vulnerability of communica¬ 
tions systems to interception. Thus, cryptog¬ 
raphy, the central means for safeguarding com¬ 
munications that are easy to intercept, was 
destined to play a role in the security of non¬ 
defense communications. 

As these Federal policies evolved, important changes were
also taking place outside the Government as private sector
interests and competence in cryptography and other
safeguard technologies began to grow. These changes were
stimulated by the almost simultaneous invention of DES and
the public-key algorithm by researchers from industry and
academia. (See ch. 4.) This was followed in the late 1970s
and early 1980s by private sector users recognizing new
applications for these technologies. The result was a new
set of stakeholders with an interest in Federal policies in
this area. (See ch. 5.) In addition, business interest in
cryptography became international. These events contribute
to an environment that contrasts sharply with the
relatively tranquil one in which earlier U.S. policies were
established.


The Current and Future Environment 

The current external environment continues 
to evolve in a number of ways, some of which 
are an extrapolation of the past decade. For 
example: 

• The private sector and civilian Government agencies are
increasingly interested in improved safeguards for
automated information systems, particularly for computer
systems and for computer-communications networks. Computer
safeguards are developing rapidly using a number of
technologies, only a few of which are based on
cryptography.

• Business applications for cryptography 
are still growing both in the United States 
and overseas. Uses include improved
confidentiality of data, message authen¬ 
tication and verification, and user iden¬ 
tification. These new applications often 
take unpredictable forms, such as stream¬ 
lining routine paper transactions in au¬ 
tomobile manufacturing and reducing in¬ 
ventory costs in the grocery industry. 

• There is an expanding, although by no 
means comprehensive, technical compe¬ 
tence in the private sector to develop 
cryptographic-based and other safeguard 
technologies. 

In this setting, defense policymaking has resulted in two
recent changes. First, NSA sees its current role as the
focal point for all computer and communications security
for the Federal Government and private industry, including
the protection of unclassified, but sensitive information.

Secondly, NSA changed the Federal Government's practice of
openly publishing cryptographic algorithms. The agency
announced in 1986 that it would not recertify DES-based
products after January 1988. Previously endorsed DES
products may continue to be used, in general, and DES also
may continue to be used for Government electronic fund
transfers. In place of DES, NSA announced that it would
offer a family of NSA-designed and -certified algorithms
embedded in tamper-proof modules to protect unclassified
information.

Richard I. Polis, “European Needs and Attitudes Toward
Information Security,” unpublished paper prepared for the
Fifteenth Annual Telecommunications Policy Research
Conference, Airlie, VA, Sept. 27-30, 1987.

NSA announcement, April 1986.

Letter from NSA to OTA from Michael C. Gidos, Chief, INFOSEC
Policy, COMSEC Doctrine, and Liaison Staff, dated
July 23, 1986.


Thus, the prior Federal Government policy of providing
certified, published algorithms, developed as consensual
standards under NBS stewardship, has in fact shifted to
NSA-provided, secret algorithms as a means of providing
improved protection against the misuse of unclassified
electronic information.


CURRENT CONGRESSIONAL INTEREST 


The various interests, concerns, and policy 
trends described in this chapter provide a back¬ 
ground for a set of policy issues reflected in 
proposed legislation and hearings on computer 
and communications security in Congress dur¬ 
ing 1986 and 1987. Issues and concerns that 
previously were spoken of privately now were 
said in public and for the record. The result 
may be a vehicle for resolving, at least in the 
short run, some of the conflicting interests and 
views of national security as they pertain to 
the security of computer and communications 
information. 

The Computer Security Act of 1987 (HR 145) was introduced
in the House of Representatives in 1987. It would establish
a Government-wide program to ensure the security of
sensitive information in computer and communications
systems. Specifically, the bill:

• assigns to NBS responsibility for assessing the
vulnerability of the Federal Government computer and
communications systems, and for developing appropriate
security standards and guidelines, as well as providing
technical assistance to other agencies;

• requires NBS to develop guidelines for use in training
Federal personnel in computer security;

• defines unclassified, but sensitive information broadly
to include information, "the loss, misuse, or unauthorized
access to, or modification of, which could adversely affect
the national interest or the conduct of Federal programs,
or the privacy to which individuals are entitled
under . . . the Privacy Act . . ."; and

• provides an advisory role for NSA to NBS concerning
safeguard technology, but does not affect NSA's
responsibilities for safeguarding classified information.

H. R. 145, The Computer Security Act of 1987, Jan. 6, 1987,
and report 100-153, Parts 1 and 2, June 11, 1987.

HR 145 establishes agency responsibilities 
for the development and standardization of 
safeguards to protect sensitive information 
against loss and unauthorized modification or 
disclosure, and to prevent computer-related 
fraud and misuse. As part of its role, NBS 
would develop standards and validation pro¬ 
cedures for safeguards, provide liaison with 
other Government agencies and private orga¬ 
nizations, and assist Federal agencies and the 
private sector in applying NBS-developed 
standards and guidelines. An advisory board 
would be established to assist NBS, which 
would include NSA representation. 

Congressional hearings were conducted on 
HR 145 and NSDD 145 on February 25 and 
26 and on March 17, 1987, by the Subcommit¬ 
tee on Legislation and National Security of the 
House Committee on Government Operations. 
Joint hearings were also held on February 26,
1987 by the Subcommittee on Science, Re¬ 
search, and Technology, and the Subcommit¬ 
tee on Transportation, Aviation, and Materi¬ 
als of the House Committee on Science, Space, 
and Technology. 

The hearings were significant because they allowed
representatives of important scientific, professional, and
trade groups to publicly express their concerns. Witnesses
at the hearings commenting on their experiences or views on
NSDD-145 were generally negative or apprehensive. Their
comments tended to focus on three main points:

1. NSA's expanding role in civilian agency 
and private sector computer security; 

2. the "disruptive," "counterproductive" effects of NSA's
restrictions on U.S. banks' use of NSA-provided
cryptographic algorithms; and

3. apprehension regarding potential DoD 
controls on unclassified information. 

Many witnesses at these hearings were con¬ 
cerned that, under NSDD-145, the Govern¬ 
ment would restrict access to information in 
public libraries, engineering and scientific pub¬ 
lications, and Government and commercial on¬ 
line databases. Challenges were raised as to 
the authority of the Government to withhold 
unclassified information from the public, the 
effect on First Amendment protections, and 
potential damage to the free flow of information in society
and to the principle of open government.

In response, DoD officials assured the subcommittees that
NSDD-145 would not extend the authority of DoD or NSA to
control access to unclassified, but sensitive information,
nor would it apply to information in the private sector or
to Government information subject to release under the
Freedom of Information Act. In commenting about the
purposes of NSDD-145, these officials pointed out that the
Government needs to prevent invasions of citizens' privacy,
the obtaining of unfair advantage in business dealings, and
avoidance of law enforcement efforts, once again addressing
the question of the scope of national security interests.

See, for example, testimony of the Information Industry
Association, the Institute for Electrical and Electronic
Engineers, the American Library Association, the
Association of Research Libraries, the American Physics
Society, David Kahn, and the American Civil Liberties Union.

During the course of these hearings, the definition of
unclassified, but sensitive information provided in NTISSP
No. 2 was rescinded and the National Security Council
initiated a review of NSDD-145 aimed at reducing or
eliminating its operational role. At about the same time,
civilian agency participation in NTISSC was expanded.

These current congressional activities are 
the latest attempt to grapple with the diverse 
issues surrounding information security pol¬ 
icy, many of which are of long standing. 
Regardless of the outcome of HR 145, the fundamental issues
(such as the separation of power, the role of the
Government, and the boundaries between military and
civilian agency responsibilities) will require
reexamination to determine the appropriate balance of
national interests.


Op. cit., Latham testimony, Feb. 26, 1987.

Letters from Frank Carlucci, Assistant to the President for
National Security Affairs to Congressman Jack Brooks,
Chairman, Committee on Government Operations, U.S. House of
Representatives, Mar. 12 and 17, 1987; Letter from Howard H.
Baker, Chief of Staff to the President, to Congressman Jack
Brooks, Mar. 16, 1987.

From material provided by NSA staff to OTA, Dec. 22, 1986.

Chapter 7

Federal Policy Issues and Options 


INTRODUCTION 


Policy formulation in the area of informa¬ 
tion security is important today and will be¬ 
come more so in the coming decade and be¬ 
yond. Its importance stems from the broad 
impact of electronic information on society and 
the potentially major applications of safeguard 
technology for commerce and government. 

As discussed earlier in this report, applica¬ 
tions of information safeguard technology are 
already being adopted to improve the effi¬ 
ciency, integrity, and control of business and 
Government automated transactions, and to 
improve their confidentiality as well. Much 
larger and more pervasive applications for 
commerce and society are foreseen, further 
stimulated by continued advances in this technology.

The Influence of Federal Policies 

Federal policies can have a strong influence 
on the development and use of information 
safeguards. Policies may encourage private in¬ 
vestment in safeguard technologies or, on the 
other hand, can discourage such activities. 
Chapters 5 and 6 provide a number of examples of policies
and programs that have a combination of these effects. For
example, the Government can stimulate the use of safeguards
by setting technical standards, requiring specific message
authentication and verification procedures for certain
applications, and issuing performance guidelines and
specifications.

On the other hand, secret Government designs
for safeguards may result in high-quality,
federally endorsed commercial safeguards, but 
discourage independent innovation in the pri¬ 
vate sector. Secret designs also foster private 
sector dependence on the Federal Government 
for equipment validation and certification, and 
the provision of replacement designs. 

In the defense and intelligence communities, however,
Government controls are seen as vital to U.S. signals
intelligence interests. Technical and other controls on
access to unclassified, but sensitive information in
automated systems are being considered as a means for
regulating the export of valuable information to foreign
interests.

Federal policies require adjustments over 
time as the external environment changes. 
During an earlier era when protecting Govern¬ 
ment-classified communications from foreign 
exploitation was virtually the only objective, 
policies shaped exclusively by this need went
unchallenged and tensions with other national 
objectives were nonexistent or minimal. Now, 
however, the objectives of Federal policy are 
increasingly expanding to include nondefense 
interests, such as the prevention of embezzle¬ 
ment of electronic funds transfers, the disrup¬ 
tion of public services (e.g., air traffic control 
and Social Security transfer payments), and 
the theft of proprietary information from U.S.-owned
firms by foreign competitors. At the
same time, the expansion of earlier policies cen¬ 
tered on national security and Government 
controls is creating tensions with other na¬ 
tional interests. Thus, new objectives are be¬ 
coming important and a different balance for 
Federal policy may be more appropriate. 

Factors Influencing Information 
Safeguard Developments 

How and when society fully realizes the potential
benefits of information safeguard technology will be
determined by a number of factors.
One is the aggregate need of users. We
can anticipate two effects from those needs: 
1) that private sector users will increasingly 
set the pace in new applications of safeguard 
technology; and 2) that market forces will respond
to user demand for new products, absent
Government-imposed constraints.

A second factor concerns the net effect of
Federal policies on stimulating private sector 
developments. Federal policies to date have 
helped some developments in computer and 
communications security technology and hin¬ 
dered others. (See chs. 4 and 5.) 

A third influence concerns private sector in¬ 
novation itself. The occurrence and rate of in¬ 
novations is unpredictable. Important ad¬ 
vances, such as public-key cryptography, have 
occurred without Federal encouragement. Yet, 
Federal policies can affect the climate for 
creativity by stimulating research or, alterna¬ 
tively, creating a chilling effect. 

In this view, Federal policies have a significant,
but not the sole influence on private
sector developments. Nevertheless, they are 
particularly important because today's tech¬ 
nology is still immature and market demand 
limited and, in some cases, fragile. Therefore, 
the policies of nations that are at the forefront 
of technological development and innovative 
applications, such as the United States, will 
have a major impact on the pace and direction 
of private sector advances in information 
security. 

The National Security Influence 
in Policy Formulation 

An analysis of information security issues 
in a report based entirely on unclassified data 
is hindered by a number of factors, one of which 
is the strong influence of classified informa¬ 
tion in shaping policy development. Neither 
Presidential Directive/National Security Coun¬ 
cil 24 (PD/NSC-24) nor National Security De¬ 
cision Directive 145 (NSDD-145), for example, 
were debated openly. In fact, they were classified
while being developed, although eventually
unclassified versions were issued. Thus,
the process of policy development, at least 
within the executive branch, has been a rela¬ 
tively closed one. 

Secrecy is also an important factor in pol¬ 
icies concerning the development of cryptog¬ 
raphy. Unlike other safeguard technologies 
useful in computer security, cryptography is
the mainstay for providing confidentiality and
integrity of information that is unprotected by 
physical or hardware/software security meas¬ 
ures (as when such information is in transit 
on a network). Cryptography allows the United 
States to safeguard its classified defense and 
diplomatic communications. The absence of 
high-quality encryption in foreign communi¬ 
cations makes possible some U.S. signals in¬ 
telligence operations. Because of these defense 
and intelligence community interests and the 
general lack of nondefense interests in earlier 
times, public policy concerning cryptography 
has tended to be shaped and controlled by the 
Department of Defense (DoD). 

Until recently, policy directions based exclu¬ 
sively on national security concerns adequately 
served the Nation's needs, with little visible 
impact on the rest of society. That situation 
is changing, spurred in large part by new op¬ 
portunities and challenges created by techno¬ 
logical change, continued pressure to improve 
business and government operations, and the 
emerging internationalization of applications 
of this underpinning technology. This changing
environment also is likely to bring further
challenges to policy makers as the needs of
society continue to change both in the United
States and abroad. 

Interrelated Federal Policies 
and Changing Concerns 

National security interests clearly have an
important and continuing place in Federal
information security policies. The prospect of
worldwide use of high-quality information 
security safeguards threatens U.S. signals in¬ 
telligence operations, as does the dissemina¬ 
tion abroad of critical technical data on infor¬ 
mation security. As technology continues to 
advance and as safeguards for computers and 
communications systems come into wider use 
worldwide, the effectiveness of U.S. signals in¬ 
telligence may become more limited and its pri¬ 
ority lowered among national objectives. 

Another policy involves control of access by 
foreign governments to commercial databases 
in the United States that contain unclassified,
but sensitive information. On-line databases
allow rapid access and sorting through a 
wealth of information. Defense and intelligence 
agencies seek to prevent foreign intelligence 
agencies or businesses from acquiring valuable 
technical data that can help other countries 
compete with the United States militarily or 
economically. 

Government concerns about communica¬ 
tions and computer security, signals intelli¬ 
gence, and controls on foreign access to
unclassified information change with time.
PD/NSC-24, for example, elevated attention about
the vulnerability to misuse of communications
systems to Federal policy status. Now, there
are a number of DoD programs, some of which 
are classified, to reduce those vulnerabilities. 
Similarly, computer security was just being 
identified as an area warranting Federal con¬ 
cern in the early 1970s. Today, substantial re¬ 
sources are being applied to bolster computer 
security. Now, concern is extending to encompass
access to Government databases, such as the Defense
Technical Information Center and the National
Technical Information Service.

Still another change is foreseeable. For example, the
proliferation of information security technology could
further broaden the scope of national security concerns.
Within a decade, good quality, inexpensive, easy-to-use
computer and communications safeguards may be used
worldwide for many applications. That could shift attention
away from the central national security issues of today,
possibly toward countering the use of secret transactions
for conducting illegal or subversive business.

Almost at the same time that these changes in Federal
concerns have been taking place, the trend in private sector
users' needs for information security can now be seen as
overlapping some of the Government's applications requiring
message authentication, user verification, auditing of
transactions, confirmation of authorizations, and
confidentiality.


POLICY ANALYSIS


The preceding sections and chapters raise questions as to
the appropriate overall objectives of Federal policies, the
direction in which current policies may lead, and whether
or not other alternatives might better serve the Nation's
interests. Based on the needs of the different
stakeholders, e.g., businesses, scientific organizations,
and civil, defense, and intelligence agencies, it is clear
that each would provide a considerably different
perspective to an analysis of policy options.

Important Trends for Policy

Chapter 6 described some of the Government efforts during
the past few decades to solve particular problems through
controls on unclassified information. In recent years,
Government efforts have included restrictions, for example,
on the dissemination of unclassified technical reports from
the National Aeronautics and Space Administration and
potential restrictions on access to Government information
of the National Technical Information Service and the
Defense Technical Information Center, as well as access to
information in commercial database services. Thus, there
has been a tendency in Federal policy toward greater
control of selected information and, recently, of access to
information in certain types of systems. Some of these
policies have not recognized the needs of the public.

Because computers, information systems, and communications
networks are changing so rapidly, policies based only on
current needs are likely to become outdated quickly.
Policies are needed that are flexible and anticipate the
changing needs of industry and society. The factors
discussed below are among those that are changing. They
will significantly influence future policy deliberations,
either because of changes in the policy environment or
because of the public's attitude about Federal policies
that affect business operations and the free flow of
information. Each provides insights into future directions
for policy.

• Although some important improvements
are foreseeable in the confidentiality of
public communications systems, these are 
likely to be uneven. Many segments of 
these systems will remain vulnerable to 
exploitation by those with appropriate re¬ 
sources. 

To the extent that DOD programs de¬ 
pend on encouraging businesses to pay in¬ 
dependently for reducing the vulnerabili¬ 
ties of their communications against 
Soviet or other foreign government inter¬ 
ception, failure is likely since business 
profits are not perceived to be affected. 
There are strong indications, however, 
that some nondefense users will have busi¬ 
ness reasons to protect the integrity of cer¬ 
tain of their information in computer and 
communications systems and the confi¬ 
dentiality of selected communications. 
Both interests can be served with 
cryptographic-based safeguards. 

• A broad range of techniques for safeguarding 
unclassified information in computer 
systems and networks are available or are 
being developed. Private sector capabilities 
to develop these safeguards to meet 
their own needs are significant and 
expanding. 

• Academic researchers and businesses 
have begun to demonstrate a level of expertise 
in developing certain types of 
cryptographic-based safeguards (e.g., the 
Data Encryption Standard and two-key 
systems). Further developments in this 
field are unpredictable. However, based 
on recent experience, Federal support for 
private innovation through unclassified 
research could yield promising results. 
Any additional major advances may also 
result in still more valuable new 
applications. 

These trends highlight a serious 
dilemma for Government policymakers: 
How to maintain effective signals intelligence 
while simultaneously encouraging 
the development and use of more secure 
systems for communications and computer 
systems. For example, encouraging unfettered 
private sector innovation in cryptography 
increases the chance of major 
technological advances that benefit commerce 
and society. But perhaps another 
country will use the same technology to 
protect its own electronic information 
from U.S. intelligence operations. On the 
other hand, if the National Security 
Agency (NSA) provides nondefense users 
with safeguard technology, the foreign interception 
and access threat may be reduced 
earlier, but the ready availability 
of "adequate" solutions from NSA may 
act as a disincentive for the private sector 
to develop solutions better tailored to 
its unique requirements. 

• Although the current trends are not yet 
altogether clear, there are indications that 
businesses have diverse and specialized 
needs for cryptographic-based systems 
and other safeguards for a variety of nondefense 
applications. 

Almost certainly, no Federal agency will 
be able to satisfy the diverse needs of 
many of these users with Government- 
designed systems, especially if significant 
constraints must be placed on users. 

Private sector capabilities for develop¬ 
ing computer and communications safe¬ 
guards can meet most of the demand of 
Government agencies and other users. For 
the procurement of other commercial prod¬ 
ucts, the typical practice among Federal 
agencies would be to provide their specific 
performance requirements and to pur¬ 
chase competitively. The arguments fa¬ 
voring a central role for DOD/NSA in 
carrying out these responsibilities are be¬ 
coming less convincing, although there is 
a clearer need for NSA technical assis¬ 
tance in selected areas, such as cryptanal¬ 
ysis and equipment evaluation. 

• Flexible Federal policies with minimal restraints 
are likely to have a better chance 
of success than others. The banking industry's 
experience with NSA's planned restrictions 
indicates that Government-provided 
safeguards, with rigid restraints 
associated with their use, are not likely 
to satisfy the needs of business users. (See 
ch. 5.) 

• There is international demand for im¬ 
proved safeguards and foreign capabilities 
for developing them. (See ch. 5.)' 

• DoD efforts to restrain or monitor foreign 
access to commercial on-line databases 
have already raised public concerns. (See 
ch. 6.) Further, these services are becom¬ 
ing a significant industry in the United 
States and a source of U.S. exports.' 

Government efforts to control access to 
commercial databases are likely to con¬ 
tinue to be resisted by this rapidly grow¬ 
ing, competitive industry. 

Today, NSA appears to be attempting to re¬ 
tain as much control or influence as is practi¬ 
cal in these matters. The controls are exercised 
mainly through authority provided under 
NSDD-145 and various NSA programs, includ¬ 
ing those that stimulate the availability of com¬ 
mercial safeguard products. Yet, the above 
trends suggest that Federal policies concern¬ 
ing the development and use of safeguard tech¬ 
nology, and access to unclassified, but sensi¬ 
tive information in commercial databases, will 
have to be carefully aligned with changing and 
more intensive domestic and international 
business interests and with congressional and 
other institutions. 

Some businesses are unaffected by DoD initiatives, 
such as those that improve the confidentiality 
of common carrier communications 
systems or that require Government-reimbursed 
voice protection equipment to be used 
by defense contractors when discussing unclassified, 
but sensitive information by telephone. 
Still other businesses are likely to support Government 
initiatives that enhance their operational 
needs, such as Federal endorsement of 
data encryption algorithms and certification 
of commercial safeguard equipment. But 
others are likely to oppose any Federal policies 
that detract from trade, innovation, open science, 
and civil liberties. 


Richard I. Polis, "European Needs and Attitudes Toward 
Information Security" (unpublished), Telecommunications Policy 
and Research Conference, Airlie, VA, Sept. 30, 1987. 

These companies had revenues of $3.65 billion in 1984. 
Christopher Burns and Patricia Martin, "The Economics of Information," 
1985, OTA contractor report No. 433-9520. 

The industry had 486 companies by 1986. The number of database 
producers worldwide increased from 221 in 1979 to 1,500 
in 1986, while the number of databases increased from 400 to 
3,200 during that same period. OTA staff interview with Kenneth 
Allen, Information Industry Association, February 1987. 

Finally, there are questions raised about 
which branch of Government should make pol¬ 
icy on information security. Both the execu¬ 
tive and the legislative branches have adopted 
policies that show few signs of coordination. 
The executive branch has been most active in 
recent years, notably with NSDD-145, and the 
defense and intelligence communities, specifically 
NSA, have been the principal implementers. 
Executive branch policies have been based 
primarily on national security considerations. 

National Values and Objectives 

Because there are important stakes at risk 
for the Nation in formulating policy for safeguarding 
information, Congress has to carefully 
consider what the Government's broad 
goals are that these policies seek to protect or 
encourage. Although there are often strong 
differences of opinion on the merits of specific 
Federal policies, there seems to be broad agreement 
on the types of goals that such policies 
might aim to achieve. Some of these goals are 
to: 

• foster the ability of the private sector to 
meet the evolving needs of businesses and 
civil agencies for safeguard technology, 

• minimize risks to U.S. signals intelligence 
from private sector developments, and 

• clarify the roles of Federal agencies con¬ 
cerning unclassified information and the 
development and use of technology to pro¬ 
tect it. 

At the same time, achievement of the following, 
more general goals may also be desirable: 

• promote competition, innovation, and 
trade; 

• separate, where practical, defense and intelligence 
agencies' responsibilities from 
those of the private sector and civilian 
agencies; 

• retain a free flow of information and an 
open society, while encouraging privacy; 
and 

• minimize or reduce the tensions between 
Federal policies and private sector 
activities. 


Levers for Implementing Policy 

A number of incentives and constraints can 
be used to implement policies regarding safe¬ 
guard technologies. These include programs 
to certify vendors' equipment, transfer tech¬ 
nology, standardize designs, procure devices, 
and encourage the development and use of im¬ 
proved safeguards. Controls on exports and 
patents are clear examples of constraints. The 
funding of research by the Government can 
be either a constraint (e.g., by keeping the re¬ 
sults classified) or an incentive. 

Depending on how some of these levers are 
actually used, they could simultaneously pro¬ 
mote and restrain private sector activities. Cur¬ 
rent Government practices in transferring 
cryptographic technology to the private sec¬ 
tor appear to accomplish both. They also il¬ 
lustrate how policy levers can be used. For ex¬ 
ample, providing a few manufacturers with 
high-quality, inexpensive, tamper-proof, 
Government-certified cryptographic devices 
whose design is secret may meet the immedi¬ 
ate needs of private sector users and vendors 
for certified systems. Simultaneously, national 
security objectives are served by encouraging 
the use of improved safeguards. In addition, 
the Federal Government can control the ex¬ 
port of these products, in part because the 
underlying technology is produced by a limited 
number of U.S. companies for NSA. At the 
same time, however, this approach discourages 
further private sector innovation since it is un¬ 
likely that many users will want or that man¬ 
ufacturers will produce competing products 
that lack NSA certification and have limited 
demand. 


Also, some policies may encourage continued 
private sector dependence on the Federal Gov¬ 
ernment while others are more likely to lead 
toward an independent technical competence 
in the private sector for meeting its own needs. 
These effects are treated in more detail in the 
subsequent section that evaluates alternative 
policy options. 

The focus of decisionmaking, however, is on 
the respective roles of NBS and NSA, and im¬ 
plementing policy around these roles. 

Alternative Policy Options 

Several options exist for national policy. 
They can be distinguished mainly by the de¬ 
gree of centralization within the Federal Gov¬ 
ernment, the level of involvement in or con¬ 
trol of private sector activities exercised by 
the Government, the separation of defense and 
nondefense interests, the importance of na¬ 
tional security, and the flexibility of the pri¬ 
vate sector in developing information technol¬ 
ogy safeguards to meet its needs. Table 14 
illustrates the options in their main division 
of responsibilities between the National Bu¬ 
reau of Standards (NBS) and NSA. 

Option 1: Centralize Federal activities relat¬ 
ing to safeguarding unclassified information 
in Government electronic systems under the 
National Security Agency. 

Option 2: Continue the current practice of de 
facto NSA leadership for communications 
and computer security, with support from 
the National Bureau of Standards. 

Option 3: Separate the responsibilities of NSA 
and NBS for safeguard development along 
the lines of defense and nondefense re¬ 
quirements. 

In Option 3, additional choices can be 
made. 

A: Provide Federal support to specify, de¬ 
velop, and certify safeguards for busi¬ 
nesses and civilian Government agencies. 
NBS would be the focal point for all safe¬ 
guard standards for unclassified informa¬ 
tion. This option most closely resembles 
HR 145. 
Table 14.—Policy Options 

| Responsibilities for developing standards | Option 1: Centralize under NSA | Option 2: Continue current practice | Option 3: Separate defense and nondefense | Option 3A: Support private standards development (for unclassified needs) | Option 3B: Market forces (for unclassified needs) |
|---|---|---|---|---|---|
| All classified | NSA | NSA | NSA | NSA | NSA |
| Unclassified communications: Defense | NSA | NSA | NSA | NBS | NBS |
| Unclassified communications: Nondefense | NSA | NSA | NBS(a) | NBS(a) | NBS(a) |
| Unclassified computer: Defense | NSA | NSA | NSA | NBS | NBS |
| Unclassified computer: Nondefense | NSA | NSA | NBS(b) | NBS(b) | NBS(b) |
| Key distinctions | Centralization, NSA leadership | NSA de facto leadership | Mixed technical leadership | Commonality with nongovernment safeguards | Commonality with nongovernment safeguards; private sector leadership |

(a) Refers to NBS's communications security standards responsibilities affiliated with computer security. 
(b) Refers to NBS's standards responsibilities under the Brooks Act (Public Law 89-306). 

SOURCE: Office of Technology Assessment, 1987. 


B: Allow free market forces to develop safe¬ 
guards for nondefense needs, with NBS 
acting as the focal point for Government 
needs for safeguards for unclassified in¬ 
formation. NSA specifies the require¬ 
ments of DoD and defense contractors 
and provides technical advice for other 
users. 

The discussion of these policy options as¬ 
sumes that NSA would retain responsibility 
for matters relating to classified information 
in computer and communications systems un¬ 
der all options and that complementary NBS 
and NSA activities would be coordinated as 
necessary. 

Options 1 and 3 would clarify the present 
confusion concerning the roles of NSA and 
NBS. Option 1 would provide one focal point 
in the Federal Government for efforts to de¬ 
velop safeguard technology for unclassified 
information in Government systems. This op¬ 
tion would make use of NSA's technical ex¬ 
pertise in cryptology and would concentrate 
the focus of U.S. policy toward national secu¬ 
rity objectives. The role of NBS in safeguard 
development would either be terminated or re¬ 
duced to those civilian agency requirements 
that support NSA's role. 


Option 2 would continue the current conflict¬ 
ing authorities assigned to NBS and NSA. It 
would also continue the current practice of 
NSA having de facto leadership in developing 
communications and computer security stand¬ 
ards for the Nation, including increasing dom¬ 
inance over the development of cryptography. 
NBS would retain its current modest role in 
developing occasional, consensual technical 
guidelines and standards for civilian agency 
use. 

Option 3 would assign to NBS responsibility 
for developing safeguards for all Government 
agencies' needs other than those specifically 
assigned to NSA. NSA would provide techni¬ 
cal assistance to NBS, as needed. Under this 
option, NSA would be responsible for only 
those safeguard standards and developments 
required exclusively by defense agencies. 

Option 3A would look to a nongovernment 
group or organization to take a lead role in de¬ 
veloping consensual guidelines and standards 
for safeguarding unclassified information in 
private sector and civilian agency systems. 
Both NBS and NSA would actively support 
these private sector activities. NBS would 
serve as the focal point for civilian and defense 
agency standards for safeguarding unclassified 
information. As in Option 3, NSA would 
be responsible for providing advice to the non¬ 
government standards group. 

Option 3B is similar to Option 3A, except 
that the Federal role would be diminished fur¬ 
ther. It would abandon Federal responsibili¬ 
ties for developing safeguards for unclassified 
information and, instead, would look to the 
market place to meet both private sector and 
civilian agency requirements. NBS would serve 
as the Government focal point for the needs 
of Government agencies for safeguards for un¬ 
classified information. 

Evaluation of Options 

The national values and objectives described 
earlier provide a useful starting point for com¬ 
paring the policy options. It is apparent that: 

The ability of the private sector to meet its 
own needs is fostered as the Government in¬ 
creasingly allows the marketplace to satisfy 
agencies' needs. In computer security, where 
industry and the private sector have histori¬ 
cally led, NSA's trusted computer security 
program has benefited from significant man¬ 
ufacturer input. In cryptography, the commer¬ 
cial communication security endorsement pro¬ 
gram has limited the scope of manufacturer 
innovation of encryption algorithms, reflect¬ 
ing the historical NSA domination of this tech¬ 
nology. In the area of network protocols, the 
interface between computer security and cryp¬ 
tography, there has been significant "give and 
take" between NSA and the private sector par¬ 
ties directly involved in the development of 
standards. 

On the other hand, U.S. signals intelligence 
capabilities would be better protected if control 
of private sector developments in (cryptography-based) 
safeguards is centralized under 
NSA. In the extreme case of relatively unfettered 
free market forces, there is a risk that 
signals intelligence will suffer as foreign intelligence 
targets benefit from safeguard products 
or designs developed by U.S. industry. 
Other factors that will affect the transfer of 
technology abroad include the effectiveness of 
U.S. export control regulations and the availability 
of comparable technology from foreign 
sources. 

The current situation, which has produced 
considerable controversy and confusion, is es¬ 
sentially Option 2. Almost any option would 
represent an improvement in clarifying the 
roles of NBS and NSA. This is true whether 
responsibilities are centralized in one agency 
or divided according to divisions such as clas¬ 
sified and unclassified information, defense and 
nondefense, or almost any other scheme. 

Diminishing NSA's role is likely to reduce 
tensions between Federal policies and private 
sector activities in safeguard development and 
use. Similarly, such tensions are likely to de¬ 
cline as defense and intelligence interests are 
separated from nondefense interests. 

Each of these options has other advantages 
and disadvantages that distinguish them. 
None offers a completely favorable assessment 
based on the objectives against which they are 
being evaluated. For example: 

Option 1: 

Pros: The key advantage that distinguishes Op¬ 
tion 1, in addition to clarifying the responsi¬ 
bility of the National Security Agency, is the 
ability to maximize NSA's control over pri¬ 
vate sector activity in safeguard development, 
particularly those based on cryptography. 
That will allow it to minimize the risks to U.S. 
signals intelligence from independent private 
sector developments. Option 1 would be pre¬ 
ferred if signals intelligence were the only or 
even the predominant policy consideration. 
Cons: The main disadvantages are the likely 
effects of blurring defense and intelligence and 
civilian interests, and raising tensions due to 
differences in needs. Option 1 would probably 
have a stultifying effect on private sector in¬ 
novation. The latter problem is most likely to 
occur in cases where new developments of 
value to society are detrimental to intelligence 
operations. The absence of a Federal stand¬ 
ard for public-key cryptography, in spite of 
its obvious need, is an example of the effect 
of such a conflict. 

Option 2: 

Pros: This option retains most of the advantages 
of Option 1 while retaining a civilian agency 
to interact with private sector users, vendors, 
and standards organizations. In this role, 
NBS would maintain an awareness and per¬ 
haps advocacy of the needs of civilian users. 

Cons: Perhaps the most prominent shortcom¬ 
ing is the lack of clarity between the roles of 
NBS and NSA concerning information secu¬ 
rity. In the current situation, NBS has statu¬ 
tory responsibility for the development of 
computer security standards and for serving 
as the Government’s representative in tech¬ 
nical standards organizations. At the same 
time, NSDD-145 has assigned similar respon¬ 
sibilities to NSA, which is charged with 
reviewing and approving all standards, tech¬ 
niques, systems, and equipment for telecom¬ 
munications and automated information sys¬ 
tems security. This option also suffers from 
the problems of Option 1. 

Option 3: 

Pros: The division of responsibilities clarifies the 
roles of NBS and NSA, and provides for sep¬ 
aration between defense and nondefense 
needs. This option also affords an opportunity 
to consolidate the Government nondefense 
needs with comparable needs of the private 
sector and to reduce tensions between defense 
and intelligence interests and those of the pri¬ 
vate sector. 

Cons: The main shortcoming of this option con¬ 
cerns a lessening of NSA control of private 
sector innovation and its potential for dam¬ 
age to U.S. signals intelligence capabilities. 
This option also risks diluting a market that 
is already fragile by encouraging the adoption 
of different standards for defense and non¬ 
defense applications. 

Option 3A: 

Pros: Option 3A also would promote competi¬ 
tion and private sector competence to meet 
its own needs and reduce tensions through in¬ 
creased Government dependence on and align¬ 
ment with industry standards. 

Cons: The main shortcoming, once again, con¬ 
cerns the potential damage to U.S. signals in¬ 
telligence capabilities. 

Option 3B: 

Pros: The advantages are similar to those of Op¬ 
tion 3A, but Option 3B further frees market 
forces and makes the Government dependent 
on the private sector rather than the other 
way around. 


Cons: As in Option 3A, the main shortcoming 
is in potential damage to U.S. signals intelligence 
operations. 

There are other factors for Congress to con¬ 
sider in evaluating the options. These include 
the resources required to carry out agency 
responsibilities under the various options, the 
need to carry out extensive coordination with 
commercial users and others in the develop¬ 
ment of standards, the ability to engender the 
trust of users, vendors, scientists, and others, 
and the ability to carry out needed research 
to benefit users generally. 

It should also be recognized that NSA's tech¬ 
nical expertise will be an important part of any 
of the options, e.g., evaluating safeguard tech¬ 
niques and equipments, especially those em¬ 
ploying cryptographic methods. 

As a practical matter, the resources avail¬ 
able to NBS and NSA have not been compara¬ 
ble. NBS's budget for computer-related secu¬ 
rity standards has been about $10 million or 
less during recent years, and a staff of about 
10 professionals, while NSA's National Com¬ 
puter Security Center alone employs some 300 
people. (NSA's budget is classified.) For op¬ 
tions in which NBS or NSA have a significant 
role in standards development, their efforts 
need to be coordinated with the needs and 
activities of the private sector. Although this 
study has not attempted to estimate the re¬ 
source requirements under any of the options, 
some options would require changes in the 
funding levels of either or both NBS and NSA. 
In addition, it can be anticipated that any sig¬ 
nificant increase in responsibilities for the de¬ 
velopment of information safeguard technol¬ 
ogy will suffer from start-up problems, such 
as maintaining a high level of staff expertise, 
as has been the experience at NSA's National 
Computer Security Center. 

There are a number of assumptions implicit 
in some of the options. One is that public 
acceptance of NBS standards would be based 
on the open scrutiny and consensual decisions 
that usually accompany the workings of civil¬ 
ian agencies. This assumption may not apply 
to NSA in a comparable standards-setting role 
given the secretive way the agency normally 
operates and its unilateral decision to replace 
DES with a secretly developed algorithm. 

None of the options make allowance for con¬ 
ducting research. Yet, OTA's analysis indi¬ 
cates that society's evolving information needs 
depend on continuing innovations in safeguard 
technology. Based on observations of the rapid 
acceptance of DES and public key cryptog¬ 
raphy for business applications, it seems clear 
that there are ready applications for innova¬ 
tions but a limited supply of them. For now, 
NSA is the main source of innovation in the 
Federal Government. However, its signals in¬ 
telligence mission is likely to prevent the dis¬ 
semination abroad of U.S. innovations. Be¬ 
cause of this constraint, innovations generated 
by NSA may not be made available to the pub¬ 
lic at all. 

Generally, there has been little motivation 
for industry to sponsor long-term research 
from which it cannot benefit on a proprietary 
basis. However, the quality of proprietary 
cryptography tends to be suspect by some U.S. 
critics. In this situation, the Government 
may decide to undertake research into selected 
safeguard technologies. Research into crypto¬ 
graphic technology is likely to raise concerns 
for national security if undertaken openly by 
NBS and concerns about public trust if under¬ 
taken secretly by NSA. 


There are, however, indications that many Western Euro¬ 
pean businesses find proprietary cryptography acceptable, 
according to consultant Cipher Deavours. OTA staff commu¬ 
nications, May 1987. 


There is also the practical question of how 
effective restrictions imposed by the United 
States on its citizens might be if foreign in¬ 
novations, publications, and product manufac¬ 
ture and export are not subject to comparable 
restraints. 

Policy Observations 

There are no options for Federal policy that 
clearly and simultaneously foster all national 
goals without harming some. The alternatives 
differ mainly in which Government agency 
leads in the development of safeguard technol¬ 
ogy, the level of Federal encouragement or con¬ 
trol of private sector innovation, and in flexi¬ 
bility to adjust to changing needs of businesses 
and society. 

Three main observations result from OTA's 
analysis: 

1. None of the policy options simultaneously 
satisfy all objectives. 

2. Excessive accommodation of either business 
or defense and intelligence concerns 
could damage overall U.S. interests. 

3. A process for weighing competing national 
interests is needed. Centering policymaking 
in the Department of Defense 
alone, and in particular NSA, would make 
that difficult. 


Richard I. Polis, "European Needs and Attitudes Toward 
Information Security" (unpublished), Telecommunications Policy 
and Research Conference, Airlie, VA, Sept. 30, 1987. 
Dear Dr. Gibbons: 


The Committee on Government Operations is concerned about the potential for abuse of 
the telecommunication and related information systems used by the Federal Government. 
Despite the existence of laws requiring court orders to tap and/or tape telephone communi¬ 
cations, there appear to be growing capabilities for surveillance of Federal phone calls 
and data transmissions, posing both security as well as individual privacy problems. A 
preliminary investigation indicates that presently there are no laws or regulations that 
adequately guide the proper use of this information and none that specifically prohibit 
the abuse of much of this information. Indeed, it is apparent that little has been done 
to determine the overall capacity for abuse of these communications systems or to develop 
methods of stopping such abuse. 

A number of changes are occurring in the Federal telecommunication and other informa¬ 
tion systems that may be further contributing to this problem. First, the fundamental 
technology of telecommunications is changing, as are the ways in which information systems 
are being used and managed. Second, the number and types of applications of computer and 
communications technologies are increasing at a rapid rate, many of which have few 
safeguards against abuse. Finally, deregulation of the telecommunications services industry 
has shifted responsibility for the operating portions of the communications system from 
the telephone companies to the Federal agencies. 

As we all know, it has been possible for decades to record telephone conversations 
surreptitiously. Today's technology, however, makes possible data collection and 
monitoring with an ease and on a scale never before realized. Tracing incoming calls; 
automatically recording the numbers, times, and durations of all incoming and outgoing calls; 
and recording prearranged conference calls are now features of many telephone systems. 

Other information systems used by the Federal Government, such as personal computer work 
stations as well as mainframes and centralized computer service systems, provide even 
more avenues for surreptitious data collection. 

Although modern information technology is an essential ingredient in today's 
environment, its misuse would pose grave threats to our individual freedoms. As a 
result, I request that OTA undertake a review to determine the potential for abuse of 
Federal telecommunications and related information systems, considering both current and 
expected future technology, and weigh the prospects for limiting such abuses through 
technology and/or legislation. I appreciate your prompt attention to this request. 



Chairman 
June 3, 1985 


Dr. John H. Gibbons 
Director 

Office of Technology Assessment 
U.S. Congress 
Washington, D.C. 20510 


Dear Dr. Gibbons: 

I would like to add my voice to that of Chairman Brooks in 
requesting that your office review the potential for abuse 
of Federal telecommunications and related information 
systems. I would like to request that such a study, to the 
extent practicable, cover private as well as government 
systems. 

The Judiciary Committee’s Subcommittee on Civil and Constitu¬ 
tional Rights, which I chair here in the House of Representatives, 
has long been concerned with the need to preserve traditional 
civil liberties in the context of advancing communications and 
computer technology. 

It would be most helpful to have from your office a study of 
current and expected developments in information technology 
and the prospects for protecting privacy and other civil liberties 
through legislation or through the technology itself. 

I look forward to receiving the benefits of your office's 
expertise in this important area. 


Sincerely, 



Don Edwards 
Chairman 

Subcommittee on Civil and 
Constitutional Rights 



Appendix B 

National Policy on Protection of Sensitive, 
but Unclassified Information in Federal 
Government Telecommunications and 
Automated Information Systems 

National Telecommunications and 
Information Systems Security Policy 
NTISSP No. 2, Oct. 29, 1986 


CHAIRMAN 
SYSTEMS SECURITY STEERING GROUP 



FOREWORD 

NSDD-145, "National Policy on Telecommunications and 
Automated Information Systems Security," signed by the 
President on 17 September 1984, in part provides policy and 
direction for systems protection and safeguards for telecom¬ 
munications and automated information systems that process or 
communicate sensitive but unclassified information. The 
NSDD-145 Systems Security Steering Group has established that 
sensitive, but unclassified information that could adversely 
affect national security or other Federal Government 
interests shall have system protection and safeguards; 
however, the determination of what is sensitive, but 
unclassified information is a responsibility of Agency heads. 
Executive Order 12356 prescribes requirements for classifying, 
declassifying, and safeguarding national security information. 

This policy and the principles and procedures contained 
in Office of Management and Budget (OMB) Circulars Nos. A-123
and A-130, "Management of Federal Information Resources," are 
complementary. 



John M. Poindexter

NATIONAL POLICY
ON
PROTECTION OF SENSITIVE, BUT UNCLASSIFIED INFORMATION IN
FEDERAL GOVERNMENT TELECOMMUNICATIONS AND AUTOMATED
INFORMATION SYSTEMS

SECTION I - POLICY 

Federal Departments and Agencies shall ensure that
telecommunications and automated information systems handling
sensitive, but unclassified information will protect such 
information to the level of risk and the magnitude of loss or 
harm that could result from disclosure, loss, misuse, 
alteration, or destruction. 

SECTION II - DEFINITION 

Sensitive, but unclassified information is information 
the disclosure, loss, misuse, alteration, or destruction of 
which could adversely affect national security or other 
Federal Government interests. National security interests are 
those unclassified matters that relate to the national defense 
or the foreign relations of the U.S. Government. Other 
government interests are those related, but not limited to the 
wide range of government or government-derived economic, 
human, financial, industrial, agricultural, technological, and 
law enforcement information, as well as the privacy or 
confidentiality of personal or commercial proprietary 
information provided to the U.S. Government by its citizens. 

SECTION III - APPLICABILITY

This policy applies to all Federal Executive Branch
Departments and Agencies, and entities, including their
contractors, which electronically transfer, store, process, or
communicate sensitive, but unclassified information.

SECTION IV - RESPONSIBILITIES

This policy assigns to the heads of Federal Government 
Departments and Agencies the responsibility to determine what 
information is sensitive, but unclassified and to provide 
systems protection of such information which is
electronically communicated, transferred, processed, or
stored on telecommunications and automated information
systems. The Director of Central Intelligence shall, in
addition, be responsible for identifying sensitive, but
unclassified information bearing on intelligence sources and
methods and for establishing the system security handling
procedures and the protection required for such information.

Federal Government Department and Agency heads shall:

a. Determine which of their department's or agency's
information is sensitive, but unclassified and may warrant
protection, as sensitive during communications or processing
via telecommunications or automated information systems. This
determination should be based on the department's or agency's
responsibilities, policies, and experience, and those requirements
imposed by Federal statutes, as well as National Manager
guidance on areas that potential adversaries have targeted;

b. Identify the systems which electronically process,
store, transfer, or communicate sensitive, unclassified
information requiring protection;

c. Determine, in coordination with the National Manager,
as appropriate, the threat to and the vulnerability of those
identified systems; and

d. Develop, fund and implement telecommunications and
automated information security to the extent consistent with
their mission responsibilities and in coordination with the
National Manager, as appropriate, to satisfy their security or
protection requirements.

e. Ensure implementation of telecommunications and
automated information systems security consistent with the
procedures and safeguards set forth in OMB Circular A-123 and
A-130.

The National Manager shall, when requested, assist 
Federal Government Departments and Agencies to assess the 
threat to and vulnerability of targeted systems, to identify 
and document their telecommunications and automated informa¬ 
tion systems protection needs, and to develop the necessary 
security architectures.

The Data Encryption Standard


Background on Encryption 

The algorithms currently in use to encrypt (or
encipher) messages and data are based on sophisticated
mathematics and are usually implemented
using computers or dedicated microprocessors.
Nevertheless, their underlying objective is quite
simple and can be traced back to antiquity:¹ to
transform a message (or data) into a form that cannot
be understood by anyone who does not possess
special knowledge—the "key"—that unlocks
the cipher and reveals the message.

Encryption takes a plaintext message and trans¬ 
forms it into a ciphertext (or encrypted) message 
using an encryption procedure and an encryption 
key. Thus, if P is the plaintext, E is the encryption 
procedure, and Ke is the encryption key, then the
ciphertext, C, can be expressed mathematically as:

C = E(Ke, P).

The inverse process, decryption, given by D, transforms
the ciphertext back into plaintext using the
decryption key, Kd:

P = D(Kd, C).

In many encryption algorithms, the encryption
and decryption keys are identical (Kd = Ke) and can
be represented simply by K.² The algorithm that
is used in the Data Encryption Standard (DES)
uses one key, K, which is called a "private key"
because the key is kept secret to ensure that outsiders
cannot use it to read enciphered messages.³

The strength of an encryption algorithm (or cipher)
can be measured by its "work factor"—the
amount of effort (number of steps and time) required
to "break" the cipher and read any encrypted
message without the key. An algorithm's
strength can be described in terms of the kinds of
"attacks" (attempts to break the cipher) it can
withstand. The most difficult type of attack to
withstand is called the "chosen plaintext attack."
In this type of attack, an adversary is able to submit
any amount of plaintext to the encryption algorithm
and obtain the corresponding ciphertext.
The (P,C) pairs can then be used to try to determine
the secret key and break the cipher.

¹See, for example, David Kahn: The Codebreakers: The Story of
Secret Writing (New York, NY: The MacMillan Co., 1967).

²These are called symmetric encryption algorithms. Asymmetric
ciphers also exist, such as the "public-key" algorithms. (See the discussions
in ch. 4 and app. I.)

³See R.C. Summers, "An Overview of Computer Security," IBM Systems
Journal, vol. 23, No. 4, 1984, pp. 309-325.


An encryption scheme that is used as a stand¬ 
ard should be able to withstand chosen plaintext 
attacks, especially if the algorithms E and D are 
published as part of the standard. The strength 
of an encryption scheme is determined by the al¬ 
gorithm itself and by the complexity of the secret 
information (in the case of modern encryption 
schemes, by the length of the key). In general, 
longer keys (i.e., more digits or binary bits) cor¬ 
respond to a stronger cipher, but this is not neces¬ 
sarily the case: for a given algorithm, a shorter key 
weakens the cipher, but for different algorithms, 
one using a shorter key may be stronger overall 
than one using a longer key length. 

The strength of any encryption scheme rests fun¬ 
damentally on the integrity of the key(s) used. 
Therefore, proper key management is fundamen¬ 
tal to the security provided by any encryption 
scheme or cipher.⁴

Evolution of the Data Encryption 
Standard 

The Solicitation for a Standard 

No single event or act of Congress led the Fed¬ 
eral Government to adopt a published encryption 
standard for Federal agencies to protect their un¬ 
classified computer data and communications. In¬ 
stead, a number of developments and concerns 
came together in the 1960s and 1970s that caused 
many people in and out of Government to conclude 
that a common means of protecting the Govern¬ 
ment’s electronic information was needed. 

One of these developments was the Brooks Act 
of 1965 (Public Law 89-306), which authorizes the 
National Bureau of Standards (NBS) to develop 
standards governing the purchase and use of com¬ 
puters by the Federal Government, to do research 
supporting the development of these standards, 
and to assist Federal agencies in implementing 
them. At the same time there was an increasing 
interest in ensuring the confidentiality and secu¬ 
rity of the Federal Government’s computer files 
containing data on individual citizens.⁵ Additionally,
electronic transactions, such as fund transfers,
were beginning to proliferate both within the
Federal Government and in the private sector.

⁴See the discussion of key management in ch. 4.

⁵These concerns privacy Act of 1974,
ample. For more background on DES, see: U.S. Senate Select Committee
on Intelligence, "Unclassified Summary: Involvement of NSA in
the Development of the Data Encryption Standard" (Staff Report), 95th
Cong., 2d sess., April 1978.

These trends gave impetus to growing concerns
for the security of Federal electronic information
and transactions. A consensus developed among
computer security researchers at NBS and the
National Security Agency (NSA) that a technical
means should be developed for safeguarding them
against accidental error as well as from assaults
by organized crime. At the time, they anticipated
that the useful lifetime of this safeguard technology
would be about 30 years—until the late
1990s.⁶

NBS initiated a study in 1968 to evaluate the 
Federal Government's computer security needs. 
As a result, NBS decided in 1972 to develop a
governmentwide standard for encrypting unclassified
Government data using an encryption algorithm 
to be published as a public standard. NBS initiated 
a computer security program within its Institute 
for Computer Sciences and Technology (ICST) in 
mid-1972. In early 1973, NBS and NSA staff met 
to discuss the encryption project. Throughout the 
development of the standard, NBS made use of 
NSA's recognized expertise, including the evalua¬ 
tion of algorithms proposed for the standard. Also, 
some technical personnel left NSA and joined NBS 
during the early 1970s to staff the latter's new computer
security program. A chronology of DES development,
provided by NBS, is shown in table 15.

On May 15, 1973, NBS issued a solicitation
through the Federal Register for interested parties
to submit algorithms for possible consideration as
a data encryption standard. There were few responses;
none were considered suitable. A second
solicitation was issued on August 27, 1974. IBM
responded to the second solicitation; its algorithm
eventually became the Data Encryption Standard
(DES).

⁶D. Branstad, NBS ICST. Private communication with OTA staff,
Aug. 6, 1986.

IBM had already done considerable work developing
encryption algorithms. Prior to the solicitation
for DES, IBM had developed and patented
a 64-bit Cash Issuing Algorithm for safeguarding
financial transactions and a 128-bit encryption algorithm
called Lucifer.⁷ As part of the patenting
process, IBM's algorithms were submitted to NSA
for review to determine whether or not the algorithms
should be classified. NSA chose not to
classify the algorithms and suggested to IBM that
one of them, with some modification, should be submitted
to NBS.

This step in the process has given rise to a great
deal of controversy over the years. Although the
algorithm that IBM submitted to NBS was exactly
that which was published later as the Data Encryption
Standard, this algorithm differed from the
original IBM algorithm in a couple of fundamental
ways. These changes were made by IBM on the
advice of NSA, which later led to questions as to
whether NSA had "tampered" with the algorithm
or weakened it in some way, perhaps creating a
"trapdoor" that NSA could spring. First, the key
length was shortened to 56 bits. Second, changes
were made in the internal structure of the substitution
functions—often referred to as the "S-boxes"—contained
within the algorithm.⁸

⁷For a discussion of Lucifer and a description of the algorithm, see:
Horst Feistel, "Cryptography and Computer Privacy," Scientific American,
vol. 228, No. 5, May 1973, pp. 15-23.


Table 15.—Chronology of DES Development (major Federal agency events)

Event                                                     Date

NBS identifies need for computer security standards       August 1971
NBS initiates program in computer security                July 1972
NBS meets with NSA on encryption project                  February 1973
NBS publishes request for encryption algorithms           May 1973
NSA reports no suitable algorithms were submitted         December 1973
NBS publishes second request for algorithms               August 1974
NSA reports one submitted algorithm is acceptable         October 1974
NSA approves publication of proposed algorithm            January 1975
DOJ approves publication of proposed algorithm            February 1975
NBS publishes proposed algorithm for comment              March 1975
NBS publishes proposed DES for comment                    August 1975
NBS briefs DOJ on competition issues                      February 1976
NBS holds workshop on technology concerning DES           August 1976
NBS holds workshop on mathematical foundation of DES      September 1976
DOC approves DES as a FIPS                                November 1976
NBS publishes DES as FIPS PUB 46                          January 1977

SOURCE: National Bureau of Standards, circa 1978.

In response to these concerns, NSA publicly
stated that the reduced key size was sufficient for
use in unclassified applications and, furthermore,
that the IBM algorithm proposed for the data encryption
standard was "to the best of their knowledge,
free of any statistical or mathematical weakness."⁹
However, it was difficult for individuals
outside of NBS, NSA, or IBM to independently
substantiate (or refute) these statements. At the
request of NSA, IBM had not disclosed all of the
design criteria used in the creation of the candidate
algorithm—in particular, those resulting from
NSA's testing and evaluation of the original algorithm
and the criteria that had been used to select
the modified S-boxes and shorter key length.
Thus, although the proposed DES was published
for comment, not all of the evaluative criteria that
had been used in developing the algorithm were
made public.

Comments on the Proposed Standard 

Comments on the proposed standard were solicited
in the Federal Register on March 17 and August 1,
1975, and in an August 1, 1975 letter sent
to all Federal Information Processing Standards
points of contact in Federal agencies.¹⁰ NBS prepared
an analysis of the comments from the three
solicitations.¹¹ According to NBS, "all responses
have been carefully considered and changes made
to the standard where appropriate. However, no
changes have been made to the algorithm itself and
no substantive changes have been made to the
standard which would warrant further solicitation
for comments."¹² (See box F.)

⁸These were some of a set of allegations to the effect that NSA was
improperly involved in the development of DES and was attempting
to exert undue influence on university and private-sector cryptological
research. The Senate Select Committee on Intelligence conducted a classified
investigation of these allegations. Among its findings was that:
"NSA did not tamper with the design of the algorithm in any way. IBM
invented and designed the algorithm, made all pertinent decisions regarding
it, and concurred that the agreed upon key size was more than
adequate for all commercial applications for which the DES was intended."
U.S. Senate, Select Committee on Intelligence, "Unclassified
Summary: Involvement of NSA in the Development of the Data Encryption
Standard" (Staff Report), 95th Cong., 2d sess., April 1978, p. 4.

Others contend that the modifications that were made to the S-boxes
improved them and also were, at least in part, intended to minimize
their logic to permit a smaller chip size when DES was implemented
in hardware.

⁹U.S. Senate Select Committee on Intelligence, April 1978, op. cit.

¹⁰The Department of Commerce/NBS published the proposed Data
Encryption Algorithm in the Federal Register on Mar. 17, 1975 (vol.
40, No. 52, p. 12134 et seq.) and solicited comments to be submitted
to NBS by May 16, 1975.

¹¹"Analysis of Comments on the Data Encryption Standard,"
NBS/ICST (n.d., circa 1978). In total, 18 industry, 10 Federal, and 1
congressional source responded. Copies of all comments received by NBS
and NBS' responses are available for public review at NBS.

One of the specific recommendations contained
in the comments was that only hardware implementations
should be considered. In response,
NBS stated that "hardware is the only recommended
implementation."¹³ Nevertheless, several
software implementations of DES have been developed
by vendors for use by the private sector;
the first software simulation of DES (by Computation
Planning, Inc.) was announced in November 1975.

¹²Ibid.

¹³Ibid.


Box F.—Data Encryption Standard
Summary of General Concerns

The following is a summary of the substantive
general concerns about the proposed
Data Encryption Standard stated in the comments
received by NBS:

1. Computer equipment and related data
processing equipment not based on a 64-bit
architecture will be placed at a competitive
disadvantage (A2, A3, A4, A5,
A9, A10, B2, B5, B7, B10).

2. Certain types of communication systems
may be degraded to a significant degree
(A1, A2, A3, A4, A5, A10, A11, B2, B4,
B5, B9).

3. The proposed algorithm is too complex,
especially when implemented in software
(A1, A3, A4, A8, A10, A11, B4, B9).

4. Applicability of the algorithm, including
when and where to use it, is not specified
(A11, B2, C2, C6).

5. The proposed standard does not contain
information on electrical, mechanical and
functional interfaces to devices implementing
the standard (A2, A7, A9, B2,
B5, B7, C2, C6).

6. Administrative procedures for validation,
procurement and testing have not
been described (A1, A4, A7, B2, C2, C6).

7. Policy for exporting devices implementing
the proposed DES has not been made
(B2).

8. The algorithm does not provide an adequate
level of security (A2, A3, A4, A6,
A8, B7, B9, B10).

SOURCE: "Analysis of Comments on the Data Encryption
Standard," unpublished data available for public review
at NBS.

The previously mentioned controversy and de¬ 
bate concerning the strength of the proposed 
standard and NSA's role in its development con¬ 
tinued through the 1970s. To address some of these 
concerns, NBS sponsored two workshops on DES 
and also briefed the Department of Justice concerning
possible competition issues involving the
proposed standard. The first workshop, held in Au¬ 
gust 1976, addressed the technical and economic 
feasibility of constructing a special-purpose com¬ 
puter to attack DES through computational brute 
force. The second workshop, held in September 
1977, addressed the mathematical foundations of 
the DES algorithm. Although the outcome of these 
workshops was to allay most fears that DES was 
not sound or could be inexpensively broken by 
brute force before the 1990s, participants ex¬ 
pressed concerns that it had not been possible to 
assess all of the design characteristics of DES be¬ 
cause some had not been made public. 

Also, in late 1975, Congressman Jack Brooks (D-Tex.),
writing in response to the solicitation for
comments, asked whether NSA had put undue influence
on NBS in setting the security level of DES
and what the NBS role had been in DES development
and key generation. Prompted by Brooks' inquiry,
the Senate Select Committee on Intelligence
staff ultimately responded, after a classified inquiry,
that there had been no undue NSA influence.¹⁵
At the time, NBS stated that, although it
would provide guidance and good techniques for
individual Federal agencies to generate their own
DES keys in accordance with Federal Information
Processing Standards (FIPS), no Government
agency should generate keys for other agencies or
for the private sector.

Promulgation of the Standard 

The Department of Commerce approved DES as
a standard in November 1976. NBS published it
as FIPS PUB 46 in January 1977, with the provision
that DES would be reviewed for continued
suitability at 5-year intervals and would be recertified
(or not) every 5 years by NSA. DES was last
recertified in 1982.

The administrative and technical workloads
associated with the development and promulgation
of DES were substantial—for NBS; other Federal
agencies; the private sector (including vendors, the
banking community, university researchers, and
others); and for Congress, its staff, and support
agencies. According to NBS, DES consumed some
3 man-years of effort for DES-related interactions
alone by 1978, exclusive of IBM technical development
of the algorithm. Although exact statistics
were not compiled, these interactions included
a conference at NBS and some 2,000 technical and
policy meetings, telephone discussions, and mail
contacts. A 3-year projection of continued interactions
more than tripled the man-year estimates.

¹⁴"Computer Encryption and the National Security Agency Connection,"
Science, vol. 197, July 29, 1977, pp. 438-440.

¹⁵U.S. Senate Select Committee on Intelligence, April 1978, op. cit.

Developing the standards to support DES—for
use in communications, data storage, message
authentication, user/terminal authentication, physical
security, magnetic stripe encryption, and key
management—consumed an estimated 6½ man-years
at NBS and another 34 man-years elsewhere
between 1977 and 1980.¹⁶

One estimate of the total (administrative, tech¬ 
nical, test, and validation) DES-related costs 
through 1977 amounted to about $515,000 for NBS, 
some $6 to $10 million for IBM, about $460,000
for NSA, and around $1.5 million for other users 
and vendors. The estimated NBS support cost for 
DES during the period 1978-80 was more than 
$800,000. 

As of January 1987, about 20 industry vendors
had produced one or more versions of hardware or 
firmware devices (chips) implementing the DES al¬ 
gorithm, for use in their own products or for sale 
to other manufacturers. And, as of that date, NBS 
had validated 28 implementations of the DES al¬ 
gorithm in hardware or firmware, produced by 11 
vendors. 

NBS, which takes the position that software implementations
of DES would not comply with the
Federal standard, only validates electronic devices
(hardware or firmware) implementing the DES algorithm.
The rationale is that hardware implementations
are faster than software and that they are
thought to be more reliable and harder for an adversary
to modify "behind the user's back."¹⁷
Software implementations of DES are being marketed,
but are not validated or certified for Government
use. Also, some vendors choose not to submit
their hardware or firmware DES products for
validation or certification for Government use.
According to NBS staff, the Department of Defense
is one of the largest single Federal customers
for DES-based devices.

¹⁶Source: Unpublished estimates developed at NBS in the late 1970s.

¹⁷At the same time, it is worth noting that software implementations
of high-quality encryption are much more difficult to control in terms
of their dissemination and exportability. Because the DES algorithm
is published, almost anyone with the requisite technical skills can produce
software versions of it; producing microprocessor-based implementations
is more difficult. The new NSA secret algorithms are easier to
control because they are not published.

Figure 22 shows the roles of NBS and GSA in 
DES-based product validation and procurement. 

Description of DES 

A short technical summary of the encryption al¬ 
gorithm used in DES is given in figure 13 and box 
B of chapter 4. Complete technical descriptions of 
the four DES modes of operation, including initiali¬ 
zation and error propagation properties and use 
for message authentication, may be found in FIPS 
Publications 74, 81, and 113, issued by NBS.¹⁸
Diagrams of DES modes of operation, taken from
NBS publications, are given in figure 23.


¹⁸U.S. Department of Commerce, National Bureau of Standards:
"Guidelines for Implementing and Using the NBS Data Encryption
Standard," FIPS PUB 74, Apr. 1, 1981; "DES Modes of Operation,"
FIPS PUB 81, Dec. 2, 1980; and "Computer Data Authentication," FIPS
PUB 113, May 30, 1985.


Figure 22.—DES Validation and Procurement

SOURCE: National Bureau of Standards/Institute for Computer Sciences and
Technology.

Figure 23.—DES Modes of Operation

SOURCE: National Bureau of Standards, FIPS PUBS 81 and 74, Apr. 1, 1981.

Appendix D

Message Authentication, Public-Key 
Ciphers, and Digital Signatures 


Message Authentication 

An "authentic" message is one that has arrived
exactly as it was sent (without errors or alterations),
is not a replay of a previous message, and
comes from the stated source (not forged or falsified
by an imposter or fraudulently altered by the
recipient).¹ Encipherment in itself does not automatically
authenticate a message: it protects
against passive eavesdropping automatically, but
does not protect against some forms of active
attack.²

Encipherment algorithms can be used to authen¬ 
ticate messages, however, and the algorithm used 
in the Data Encryption Standard (DES) is the most 
widely used cryptographic basis for message au¬ 
thentication. As discussed in more detail later, 
there are profound differences in using a symmet¬ 
ric cipher, such as the current DES algorithm, 
rather than an asymmetric one like the RSA al¬ 
gorithm named after its inventors: Ronald Rivest, 
Adi Shamir, and Leonard Adleman. Use of a symmetric
cipher for message authentication can only
protect against third parties and not against fraud 
by either the sender or receiver (both of whom know 
the secret key), while an asymmetric algorithm can 
be used to resolve disputes between the sender- 
receiver pair. 

As the uses of electronic media for financial and 
business transactions have proliferated, message 
authentication techniques have become increas¬ 
ingly important and have evolved from simple 
pencil-and-paper calculations to sophisticated, 
high-speed hardware processors. 


¹For a thorough discussion of message authentication and the various
techniques used to authenticate messages, see Davies & Price, Security
for Computer Networks: An Introduction to Data Security in
Teleprocessing and Electronic Fund Transfers (New York, NY: J. Wiley
& Sons, 1984) ch. 5. The descriptions of authentication techniques in
this section follow Davies & Price closely.

²Davies & Price describe passive attack as eavesdropping and active
attack as the falsification of data and transactions through such means
as: 1) alteration, deletion, or addition; 2) changing the apparent origin
of the message; 3) changing the actual destination of the message; 4)
altering the sequence of blocks of data or items in the message; 5) replaying
previously transmitted or stored data to create a new false message;
or 6) falsifying an acknowledgment for a genuine message. (See
Davies & Price, op. cit., pp. 119-120.)


In general, the various message authentication 
schemes that are used can be grouped together 
according to whether they are based on public 
knowledge or, at least in part, on secret knowledge. 
Among the former are message authentication 
using check fields,³ parity checks,⁴ and cyclic
redundancy checks.⁵ These share a common weakness:
unauthorized or fraudulent modifications
may go undetected because they are accompanied 
by matching, yet fraudulent, authentication pa¬ 
rameters that can be calculated by unauthorized 
parties because the authentication parameters are 
not secret. 

Using secret authentication parameters known
only to the sender and receiver permits a stronger
form of message authentication because the check
field data cannot be forged by a third party unless
the secret parameters are compromised. A different
secret parameter is usually required for each
sender-receiver pair. The logistics for distributing
this secret information to the correct parties is
analogous to key distribution for encryption. Compromise
of the secret parameters invalidates the
integrity of the safeguarding function because it
could then be forged. (See ch. 4.)


³Check-field techniques are designed to ensure that stored or transmitted
information has been prepared correctly. A check field is a simple
function of the numerical characters in the important fields of the
message that makes it highly likely that the most common types of
mistakes and errors will be detected. The use of check fields does not
safeguard against deliberate fraud by data-entry operators or others;
because the check sum function and the data used to create it are not
secret, a data-entry operator could calculate the "correct" check sum
and transmit it along with a fraudulently altered message. Also, it is
possible to generate false messages that have the same calculated check
sum value as the original message. (See Davies & Price, op. cit., pp.
121-122.)

⁴Parity checks can be used to detect accidental errors during transmission,
usually either by using an eighth "parity bit" with each seven-bit
message word or by providing longitudinal parity checks using
modulo-2 addition on successive words. Parity checks are weak in that
multiple errors and/or missing blocks can sometimes go undetected. (See
Davies & Price, op. cit., p. 122.)

⁵According to Davies & Price, cyclic redundancy checks are the best-known
error detection method and offer strong protection against accidental
error. However, the procedure for creating the check data via
a predetermined polynomial is public knowledge. Therefore, the checks
do not provide strong protection against an active attack. In this form
of message authentication, the cyclic check operation calculates the
check data by dividing the polynomial formed by a block of message
bits by the predetermined check polynomial and using the "remainder"
from the polynomial division as a check field. The check field is appended
to the message block and transmitted with the message. Upon its receipt,
the recipient performs the same polynomial division operation
on the message and compares the remainder with the transmitted check
field to authenticate the message. The cyclic check does not protect
against active attack because the means of creating the check data—
the polynomial division operation—is not secret. An active wiretapper
can divert the message, alter it, calculate a new check field using the
correct predetermined polynomial, and retransmit the altered message
with the new check field appended. The message will appear to be authentic
when the recipient compares the check fields. (See Davies & Price,
op. cit., pp. 122-123.)
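
The contrast drawn above between public check parameters and secret ones, as an added example that is not part of the original report. It computes a cyclic check by polynomial division, then runs the recipient's test on an accidentally damaged frame, on an altered frame whose check field was recomputed, and on altered frames under a keyed tag. Assumptions: the 16-bit CCITT polynomial stands in for the unnamed "predetermined polynomial", HMAC-SHA-256 stands in for the keyed authenticator (the report discusses DES-based and other authenticators, not HMAC), and the messages and key are constructed sample values.

```python
import hashlib
import hmac

# Assumed public check polynomial x^16 + x^12 + x^5 + 1 (CCITT); the report names none.
CHECK_POLY = 0x1021
TAG_LEN = hashlib.sha256().digest_size  # length in bytes of the keyed tag


def crc16(message: bytes, poly: int = CHECK_POLY) -> int:
    """Remainder of the message polynomial divided by the public check polynomial."""
    reg = 0
    for byte in message:
        reg ^= byte << 8
        for _ in range(8):
            # Shift out one bit; subtract (XOR) the divisor when the top bit was set.
            if reg & 0x8000:
                reg = ((reg << 1) ^ poly) & 0xFFFF
            else:
                reg = (reg << 1) & 0xFFFF
    return reg


def frame_with_crc(message: bytes) -> bytes:
    """Sender: append the 2-byte check field to the message block."""
    return message + crc16(message).to_bytes(2, "big")


def accept_crc(frame: bytes) -> bool:
    """Recipient: repeat the division and compare with the transmitted check field."""
    if len(frame) < 2:
        return False
    message, field = frame[:-2], frame[-2:]
    return crc16(message).to_bytes(2, "big") == field


def frame_with_mac(key: bytes, message: bytes) -> bytes:
    """Sender: append a tag computed from the message and the secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def accept_mac(key: bytes, frame: bytes) -> bool:
    """Recipient: recompute the tag with the shared key; compare in constant time."""
    if len(frame) < TAG_LEN:
        return False
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def compare_schemes() -> dict:
    """Run the recipient's checks over constructed frames and report each verdict."""
    key = b"constructed-shared-secret"            # constructed sample key
    genuine = b"PAY 0000100.00 TO ACCT 12345678"  # constructed sample message
    altered = b"PAY 0009100.00 TO ACCT 87654321"  # same message after alteration

    crc_frame = frame_with_crc(genuine)
    mac_frame = frame_with_mac(key, genuine)

    # Accidental error: one bit damaged in transit, check field untouched.
    noisy = bytearray(crc_frame)
    noisy[5] ^= 0x01

    return {
        "crc_accepts_genuine": accept_crc(crc_frame),
        "crc_accepts_line_noise": accept_crc(bytes(noisy)),
        # The division is public, so anyone can append a matching field.
        "crc_accepts_altered_with_new_field": accept_crc(frame_with_crc(altered)),
        "mac_accepts_genuine": accept_mac(key, mac_frame),
        # Without the key, a third party can only reuse the old tag or guess a key.
        "mac_accepts_altered_with_old_tag":
            accept_mac(key, altered + mac_frame[-TAG_LEN:]),
        "mac_accepts_altered_with_guessed_key":
            accept_mac(key, frame_with_mac(b"guess", altered)),
    }


if __name__ == "__main__":
    for name, verdict in compare_schemes().items():
        print(f"{name}: {verdict}")
```

As the appendix notes, a shared-key tag of this kind protects only against third parties: either holder of the key can still produce a tag the other will accept.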

In the most general sense, an authentication
function based on secret knowledge can be constructed
from a public authenticator algorithm and
a secret authentication key.⁶ Examples of authenticators
based on secret keys include the Decimal
Shift and Add (DSA) algorithm,⁷ and the proprietary
S.W.I.F.T. (Society for Worldwide Interbank
Financial Telecommunications) and Data Seal algorithms,
which use binary arithmetic.⁸ Although
authentication can be based on encryption (the
DES algorithm, for example, is widely used for
message authentication), the strict requirements
for an authenticator algorithm differ from those
for an encryption algorithm because authentication
does not require the existence of an inverse
function (i.e., decryption). It is also possible to base
message authentication on secret numbers used in
conjunction with special one-way functions.⁹

Encryption alone is not always sufficient to completely authenticate a
message. If decryption of an encrypted message yields "sensible"
plaintext, without garbled portions, then there is reasonable certainty
that the message was originated by the other "authorized" holder of the
secret key. However, some types of message alterations can go
undetected. A more robust authentication method (than DES encryption
alone, for example) is to use

For mathematical and functional descriptions of authenticator functions,
see: Davies & Price, op. cit., pp. 123-135; and R. R. Jueneman, S.M.
Matyas, and C.H. Meyer, "Message Authentication," IEEE Communications
Magazine, vol. 23, No. 9, September 1985,

DSA is based on parallel computations performed by the sender and
receiver; the starting point for the computations are two secret 10-digit
decimal numbers. The message to be authenticated is treated as a string
of decimal digits, thus DSA requires that alphabetic characters be
encoded into numeric form, although the numeric content of a message
(e.g., the value of a financial transaction) does not require any
conversion. According to Davies & Price (see pp. 127-130 for an example
of DSA), the algorithm can be implemented using a programmable decimal
calculator.

Because these are proprietary, they are not available for use as a
published standard.

A one-way function has the special property that, although the function
itself is relatively easy to compute, its inverse is quite difficult to
compute—i.e., even if the values of authenticators for many messages
are known, it is almost impossible to recover the text of a message given
only the value of its authenticator. Some, but not all, "hash
functions"—functions that appear to generate random outputs from
nonrandom inputs—are suitable for message authentication.

See Davies & Price, op. cit., pp. 134-135 for examples. Jueneman, et al.,
also discuss strengths and weaknesses of various authentication and
manipulation detection techniques.


DES hardware in an appropriate mode of operation in order to create a
message authentication code.

When DES hardware is used for authentication, it is operated in either
the cipher block chaining (CBC) or cipher feedback (CFB) mode; the
chaining or feedback operation ensures that the authenticator, selected
from the last state of the DES hardware output register, is a function
of the entire message stream input to the DES device. The authenticator
is appended to the message and transmitted along with it. The recipient
removes the authenticator from the received message and calculates his
or her own value of the authenticator using the secret key and
initialization vector shared with the sender. If the two authenticator
values are the same, then there is increased assurance that the message
is authentic.

The message can be transmitted in plaintext without compromising its
authenticity. If the message is altered by a third party who does not
use the secret DES key to calculate a forged authenticator to append to
the altered message, then the authenticator calculated by the receiver
will not have the same value as the one transmitted with the message.
However, because both sender and receiver know the secret parameters,
either could fraudulently alter the message and deny having done so.
This type of dispute can be resolved through use of an asymmetric
cipher, as will be discussed below in the sections on public-key ciphers
and digital signatures.

If privacy as well as authentication is required, then one scheme for
encrypting and authenticating a message involves sequential use of DES
using two different secret keys: one to calculate the authenticator
(called the message authentication code or MAC), and one to encrypt the
message. These operations can be performed in either order; the ANSI
X9.23 standard requires that the MAC be calculated before encryption.
Even the MAC

Strictly speaking, any block encryption algorithm could be used.
However, in practice, the cipher used is DES because the algorithm is
readily available in hardware form. The DES algorithm is relatively slow
in software form, which makes the hardware form much more convenient
for data transmission.

In the CBC mode, the authenticator is the most significant n bits from
the last block output by the device. In the CFB mode, the DES device is
operated one additional time after the last message block is input, and
the authenticator is selected as the most significant n bits of the
final output block. The length of the authenticator (usually 32 bits for
EFT authentication, according to the standard) is determined jointly by
the sender and receiver.

If the MAC checks the ciphertext, then an adversary is able to mount a
known plaintext attack on the key used for authentication. If, however,
the MAC checks the plaintext, then an adversary must break both the MAC
key and the encryption key in order to send fraudulent messages.

and encryption do not safeguard against replay of messages (e.g.,
electronic fund transfers). Therefore, various message sequence numbers
or date and time stamps are usually incorporated into the text of the
message. The ANSI X9.9 standard requires a message identifier field to
prevent replay.
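The following is an added example, not part of the OTA report, that puts the cyclic check, a keyed authenticator, and a message identifier side by side. HMAC-SHA-256 stands in for the DES-based MAC the appendix describes; the key, the message text, the frame layout and the names `crc_protect`, `mac_protect` and `Receiver` are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample key: in the appendix's terms, the secret parameter
# shared by one sender-receiver pair.
KEY = b"constructed-demo-key-for-one-pair"
TAG_LEN = 32  # HMAC-SHA-256 output (stand-in for the DES MAC on the page)


def crc_protect(message: bytes) -> bytes:
    """Append a CRC-32 check field. The polynomial is public; no secret is used."""
    return message + struct.pack(">I", zlib.crc32(message))


def crc_accepts(frame: bytes) -> bool:
    """Recipient repeats the polynomial division and compares remainders."""
    message, check = frame[:-4], frame[-4:]
    return struct.pack(">I", zlib.crc32(message)) == check


def mac_protect(key: bytes, msg_id: int, message: bytes) -> bytes:
    """Assumed frame layout: 8-byte message identifier | text | authenticator."""
    body = struct.pack(">Q", msg_id) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks the authenticator first, then the message identifier."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_id = 0  # highest identifier accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "reject: bad authenticator"
        (msg_id,) = struct.unpack(">Q", body[:8])
        if msg_id <= self.last_id:
            return "reject: replay"
        self.last_id = msg_id
        return "accept"


def demo() -> dict:
    original = b"PAY 100.00 TO ACCT 1234"  # constructed sample messages
    altered = b"PAY 900.00 TO ACCT 1234"
    out = {}

    # Cyclic check: an accidental single-bit error is caught ...
    damaged = bytearray(crc_protect(original))
    damaged[4] ^= 0x01
    out["crc_bit_error"] = crc_accepts(bytes(damaged))
    # ... but a check field recomputed over altered text passes, because
    # computing it needs nothing the sender and receiver keep secret.
    out["crc_altered_recomputed"] = crc_accepts(crc_protect(altered))

    rx = Receiver(KEY)
    genuine = mac_protect(KEY, 1, original)
    out["mac_genuine"] = rx.accept(genuine)
    # Altered text with the original authenticator left in place.
    out["mac_altered_old_tag"] = rx.accept(
        struct.pack(">Q", 2) + altered + genuine[-TAG_LEN:])
    # Altered text with an authenticator computed under some other key.
    out["mac_altered_other_key"] = rx.accept(
        mac_protect(b"not-the-key", 2, altered))
    # The genuine frame sent a second time: valid authenticator, stale identifier.
    out["mac_replayed"] = rx.accept(genuine)
    out["mac_next"] = rx.accept(mac_protect(KEY, 2, b"PAY 5.00 TO ACCT 9"))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} {result}")
```

The replayed frame carries a valid authenticator, so only the identifier check rejects it, which is why the identifier has to sit inside the authenticated text.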

Public-Key Ciphers 

A symmetric cipher is an encryption method using one key, known to both
the sender and receiver of a message, that is used both to encrypt and
to decrypt a message. Obviously, the strength of a symmetric cipher
depends on both parties keeping the key secret from others. With the DES
cipher, for example, for which the algorithm is known, revealing the
encryption key permits the message to be read by any third party.

An asymmetric cipher is an encryption scheme using a pair of keys, one
to encrypt, and a second to decrypt a message. A special class of
asymmetric ciphers are public-key ciphers, for which the encrypting key
need not be kept secret to ensure private communication.15 Rather, Party
A can publicly announce his encrypting key, PK_A, allowing anyone who
wishes to communicate privately with him to use it to encrypt a message.
Party A's decrypting key, SK_A, is kept secret, so that only A (or
someone else who has obtained the secret decrypting key) can easily
convert messages encrypted with PK_A back into plaintext.


See Davies & Price, op. cit., ch. 8, for a more complete discussion of
asymmetric and public-key ciphers.

A discussion of the underlying principles of public-key ciphers,
including examples of the RSA and knapsack algorithms, is given in:
Martin E. Hellman, "The Mathematics of Public-Key Cryptography,"
Scientific American, vol. 241, No. 2, August 1979, pp. 146-157.

A pictorial example of the RSA public-key method can be found in
Computer Security (one of the Understanding Computers series)
(Alexandria, VA: Time-Life Books, 1986), pp. 112-117.

The public-key concept was first proposed by Whitfield Diffie and Martin
Hellman in "New Directions in Cryptography," IEEE Trans. Information
Theory, IT-22, 6, November 1976, pp. 644-654. Diffie and Hellman also
described how such a public-key cryptosystem could be used to "sign"
individual messages and to simplify the distribution of secret keys.
Their work was the basis for Rivest, Shamir, and Adelman's practical
implementation of such a system in 1978, called the RSA cipher. Some
ciphers proposed for public-key systems have subsequently been broken.
For example, the Diffie-Hellman "discrete exponential" cipher was broken
several years later by Donald Coppersmith of IBM [G. Kolata: "Another
Promising Code Falls," Science, vol. 226, Dec. 16, 1983, p. 1224]. The
"trap-door knapsack" cipher, another public-key cipher proposed in 1976
by Hellman and Ralph Merkle, was broken by Shamir and Adelman in 1982.
(See Computer Security, op. cit., pp. 100-101; and Hellman's 1979
article in Scientific American.)

This section uses the notation PK for "public key" (usually, the
encrypting key) and SK for "secret key" (usually, the decrypting key).
For A and B to have two-way communication, two pairs of keys are
required: the "public" encryption keys PK_A and PK_B, and the secret
decryption keys SK_A and SK_B.


Knowing the public encryption key, even when the encrypted message is
also available, does not make computing the secret decrypting key easy,
so that in practice only the authorized holder of the secret key can
read the encrypted message. However, with the encrypting key being
publicly known, a properly encrypted message can come from any source,
so there is no guarantee of its authenticity.

It is also crucial that the public encrypting key be authentic. An
imposter could publish his own key, PK_I, and for example, pretend it
came from A in order to read messages to A, which he could intercept and
then read using his own SK_I. Therefore, the strength of the public-key
cipher rests on the authenticity of the public-key and the secrecy of
the private key. A variant of a public-key system allows a sender to
authenticate messages by "signing" them using an encrypting key, which
(supposedly) is known only to him. This is a very strong means of
authentication and is discussed further in the following section on
digital signatures.

Davies and Price illustrate the functional requirements for a general
public-key cryptosystem. A brief overview follows here, but a detailed
description of the underlying mathematics is beyond the scope of this
appendix.

If encipherment is performed by some function E(Ke) and decipherment by
another D(Kd), then in order to make the decipherment function the
inverse of encipherment, the encrypting key, Ke, and the decrypting key,
Kd, must be related somehow. Suppose both keys are derived from a
randomly selected starting key, or seed key, Ks, such that Ke = F(Ks)
and Kd = G(Ks), where the functions F, G, D, and E defined above are
published. Party A would then select a Ks (which would be kept secret),
use it to calculate Ke and Kd, and publish Ke as his public key, PK_A,
while keeping Kd secret as the secret key, SK_A.

If P is the plaintext message and C is the encrypted message, then
C = E(P) and P = D(E(P)); that is, D(E(P)) must be the inverse of E.
However, because E is really the function E(Ke) and is public, the
function E must not be readily invertible or else an opponent can
readily calculate P given C and E. This property is described as making E


Use of the two keys might also be used to separate access to "read" and
"write" data functions. For example, by controlling dissemination of the
encryption key, one might control write access; by controlling
dissemination of the decryption key, read access.

(and also the function F, which generates Ke from Ks) one-way functions
that cannot readily be inverted.

The requirements that E be a noninvertible, one-way function and that
D(E(P)) be its inverse are reconcilable when E is not invertible without
knowledge of Kd, but the inverse of E is readily obtained using the
secret key Kd. Thus, knowledge of the secret key is a "trapdoor," which
makes the inverse of E simple to implement. E(P), where E = E(Ke), is a
one-way function with a trapdoor D(E(P)), which allows it to be
inverted. Knowledge of Kd springs the trapdoor.

A public-key cryptosystem consists of encryption and decryption
functions, together with methods for generating pairs of keys from the
random seed values. The one-way property of a "one-way function," such
as E, is really only a matter of computational complexity. The
encryption function should be relatively easy to carry out, given Ke and
E, but given the ciphertext C = E(P), the plaintext P = D(E(P)) should
be very hard to calculate and should require a very large number of
steps, unless Kd is known.

In principle, it should be possible to calculate values of C for many
values of P and then to sort and tabulate the pairs of (Pi, Ci) to
obtain an explicit inversion of E. Because this type of exhaustive
search process requires a large number of computational steps and large
computer memory size, both of which grow exponentially with the key
size, E is effectively a one-way function if the explicit inversion
requires a very large number of (P,C) pairs.

Like all of modern cryptography, public-key cryptosystems rely heavily
on mathematics and, in particular, on number theory. The RSA cipher is
based on modular arithmetic

See Davies & Price, op. cit., ch. 8 for a more thorough explanation.
Diffie and Hellman introduced the concept of trapdoor one-way functions
in their 1976 paper (op. cit.), but did not present any examples. In
their 1978 paper, Rivest, Shamir, and Adelman presented their
implementation of a public-key system using a one-way trapdoor function.
See also R.L. Rivest, A. Shamir, and L. Adelman, "A Method for Obtaining
Digital Signatures and Public-Key Cryptosystems," Communications of the
ACM, vol. 21, No. 2, February 1978; and Hellman's article in the August
1979 issue of Scientific American, op. cit.

Finite arithmetic with modulus m (modular arithmetic) has the operations
of addition, multiplication, subtraction, and division defined. A prime
number—e.g., 3, 5, or 7 in modulo 10 arithmetic—has no factors other
than 1 and itself. Finite arithmetic with a prime modulus p has the
additional property that multiplication always has an inverse. This
property is crucial for cryptography.

In modulus 10 arithmetic, for example, the number 57 would be
represented by its remainder, 7: 57 ÷ 10 = 5, with a remainder of 7.
More generally, the remainder always has a value between 0 and (m - 1),
where m is the modulus. Thus, in modulus 3 arithmetic, 57 would be
represented by the remainder of 0; in modulus 11 arithmetic by the
remainder of 2, etc.


door knapsack cipher is based on combinatorial mathematics as well. The
mathematical problems underlying the RSA cipher and the knapsack
public-key cipher belong to a class of problems called
"nondeterministic, polynomial-time problems," or NP problems. The
computational burden of finding a solution to the hardest NP problems,
using published methods, grows very rapidly as the size of the problem
increases. It is strongly believed (but not proved) that the burden must
grow very rapidly, no matter what method of solution is used. However,
once the solution is found, it can be checked very easily.21 Even so, it
is possible that advances in mathematics and computer science may
undermine public-key cryptosystems based on "one-way" functions. One
instance of this was the "breaking" of the trapdoor knapsack cipher. Box
G describes this cipher.

The knapsack cipher system was thought to be effectively unbreakable
(computationally but not unconditionally secure) and Merkle issued an
open challenge to cryptologists in 1976 to break it. In 1982, Adi Shamir
at the Massachusetts Institute of Technology (MIT) broke the cipher
analytically. Soon afterward, Leonard Adelman, a former colleague of
Shamir, used Shamir's method and an Apple II computer to break an
example of the knapsack cipher.

Another public-key system, called the RSA system, was announced in 1978.
The RSA system is computationally more complex to implement than the
trapdoor knapsack cipher and it has not yet been broken. Also, the RSA
system does not expand the plaintext message the way the knapsack cipher
does. Message expansion occurs with the knapsack cipher because the sum
of the "hard" knapsack vector used in the knapsack public key is larger
than the sum of the "easy" vector used in the secret key. Therefore,
more binary bits are required to represent the ciphertext than to
represent the plaintext.

The RSA Public-Key System 

The RSA public-key system is thought to be the most computationally
secure, commercially available public-key system. It also enables the prob-

The exponential function a^x in modulus p arithmetic is valuable as a
one-way function: calculating the exponential y = a^x is easy, but
calculating its inverse, x = log_a y, is difficult for large p.

See Hellman's article in the August 1979 Scientific American, op. cit.

Box G—The Trapdoor Knapsack Cipher

The trapdoor knapsack system was proposed by Ralph Merkle and Martin
Hellman in 1976. The "knapsack puzzle" or "knapsack problem" is
well-known in mathematics and can be summarized briefly as the following
problem:

Suppose you are given a set of N weights of assorted (and known) integer sizes. You want to use them 
to balance a knapsack that holds an unknown combination of the same weights. You are given the values 
of the set of integer weights (called the knapsack vector) and the weight to be matched (called the knapsack 
total). Find the subset of the N weights that will exactly balance the knapsack! 

Although it is possible to find examples of this problem that are fairly
easy to solve by exhaustive search (when N is a small number or when
each weight is heavier than the sum of the preceding weights, for
example), all of the known methods of solving the general knapsack
problem have a computational requirement that grows exponentially in the
key size and, therefore, are impossible to implement for reasonably
large key sizes. An exhaustive search is quite lengthy for large N.
Suppose that N is 5. Then, the knapsack vector has five components (one
corresponding to each weight), each of which could be equal to 1 (the
weight is used to try to balance the knapsack) or 0 (the weight is not
used in this try). There are 2^5 or 32 possible vectors to be tried in
an exhaustive search. If N were 10, up to 1,024 tries would be covered
in an exhaustive search. If N were 1,000, an exhaustive search would
clearly be infeasible.

Sometimes the problem is posed differently, as a cylindrical knapsack of
fixed length and a set of rods of different lengths, with the problem
being to find the subset of rods that will completely fill the knapsack.
In either case, the problem is an example of the general class of NP
problems. The "trapdoor" knapsack problem is a special case, which is
not computationally difficult to solve provided that one has special
information that enables the problem to be solved more easily than for
the general case. In this case, the "trapdoor" enables the intended
recipient who knows the secret key (the trapdoor information) to solve
the knapsack problem and reveal the plaintext message without having to
do an exhaustive search.

The intended receiver and originator of the public and secret keys
builds a secret structure into the knapsack problem. The receiver
generates the keys by first generating an "easy" knapsack vector, called
a super-increasing vector, in which each weight is larger than the sum
of the preceding weights. The sum of the super-increasing knapsack
vector is the heaviest possible knapsack. The receiver then chooses a
modulus m larger than this maximum weight and a multiplier a such that
m and a are relatively prime. The "hard" knapsack vector is constructed
by multiplying the "easy" vector by a, using modulus m arithmetic. The
"hard" knapsack vector, arranged in order of increasing weight, forms
the public (encryption) key. The "easy" vector, along with the values
used for m and a, are kept as the secret key.

Merkle and Hellman's public-key system was based on special key pairs
that were used to encrypt and decrypt plaintext. Briefly (see Computer
Security, pp. 100-101), each character in the plaintext was assigned a
numerical value and all the numbers were then summed together. The
secret key enabled the individual numbers to be recovered and, from
them, the plaintext.
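The key generation in Box G can be followed step by step in code. This is an added example, not taken from the OTA report or from Merkle and Hellman: the eight-weight key size, the one-byte block encoding and all function names are assumptions, and `exhaustive_search` is included only to show the 2^N count from the box next to the N-step trapdoor solution.

```python
import itertools
import math
import secrets


def generate_keys(n: int = 8):
    """Build the key pair the way Box G describes. Returns (public, secret)."""
    easy, total = [], 0
    for _ in range(n):
        weight = total + 1 + secrets.randbelow(16)  # exceeds sum of all before it
        easy.append(weight)
        total += weight
    m = total + 1 + secrets.randbelow(total)  # modulus above the heaviest knapsack
    a = 0
    while a < 2 or math.gcd(a, m) != 1:  # multiplier relatively prime to m
        a = secrets.randbelow(m)
    hard = [(a * w) % m for w in easy]
    # The public key lists the hard weights in increasing order; the receiver
    # keeps the ordering so each public position maps back to an easy weight.
    order = sorted(range(n), key=hard.__getitem__)
    public = [hard[i] for i in order]
    secret = {"easy": easy, "m": m, "a": a, "order": order}
    return public, secret


def encrypt(public, bits):
    """Ciphertext = knapsack total of the public weights selected by the 1 bits."""
    if len(bits) != len(public):
        raise ValueError("block length must equal the number of weights")
    return sum(w for w, b in zip(public, bits) if b)


def decrypt(secret, total):
    """Undo the multiplier, then solve the easy knapsack largest weight first."""
    easy, m, order = secret["easy"], secret["m"], secret["order"]
    target = (total * pow(secret["a"], -1, m)) % m  # a^-1 mod m (Python 3.8+)
    chosen = [0] * len(easy)
    for i in reversed(range(len(easy))):
        if easy[i] <= target:
            chosen[i] = 1
            target -= easy[i]
    if target != 0:
        raise ValueError("total is not a sum of this key's weights")
    return [chosen[i] for i in order]


def exhaustive_search(public, total):
    """Without the trapdoor: try subsets of the public weights, up to 2**N."""
    tries = 0
    for bits in itertools.product((0, 1), repeat=len(public)):
        tries += 1
        if encrypt(public, bits) == total:
            return list(bits), tries
    return None, tries


def to_bits(byte: int):
    return [(byte >> shift) & 1 for shift in range(7, -1, -1)]


def from_bits(bits):
    return sum(bit << shift for bit, shift in zip(bits, range(7, -1, -1)))


def encrypt_bytes(public, data: bytes):
    return [encrypt(public, to_bits(b)) for b in data]


def decrypt_bytes(secret, totals):
    return bytes(from_bits(decrypt(secret, t)) for t in totals)


if __name__ == "__main__":
    public, secret = generate_keys()
    totals = encrypt_bytes(public, b"OTA")  # constructed sample plaintext
    print("public (hard) vector:", public)
    print("knapsack totals     :", totals)
    print("decrypted           :", decrypt_bytes(secret, totals))
    # Message expansion: each 8-bit block becomes a larger integer.
    print("bits per block      : 8 in,", sum(public).bit_length(), "out (max)")
    print("search tries        :", exhaustive_search(public, totals[0])[1], "of", 2 ** 8)
```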

For the history of the trapdoor knapsack system, see Computer Security, one of the Understanding Computers series (Alexandria, VA:
Time-Life Books, 1986), pp. 100-101; Davies & Price, Security for Computer Networks: An Introduction to Data Security in Teleprocessing
and Electronic Funds Transfer (New York, NY: J. Wiley & Sons, 1984), p. 251; and Martin E. Hellman, "The Mathematics of Public-Key
Cryptography," Scientific American, vol. 241, No. 2, August 1979, p. 148.

lem of disputes between sender and receiver to be resolved through the
method of digital signatures.

The RSA system is based on a problem that is even older than the
knapsack problem: that of "factoring" a large number (finding all the
prime numbers that divide it evenly).23 This is another computationally
"one-way" problem in that factoring a large number takes much longer (by
hand or by computer) than does verifying that two or more numbers are
prime factors of the same large number.

The proprietary RSA system is thought to be based on the relative
difficulty of finding two large prime numbers, given their product. The
recipient (and originator of the key pair) randomly selects two large
prime numbers, called p and q. These prime numbers are kept secret.
Another (odd) integer e is chosen, which must pass a special
mathematical test based on values of p and q. The product, n, of p times
q and the value of e are announced as the public encryption key. Even
though their product is announced publicly, the prime factors p and q
are not readily obtained from n. Therefore, revealing the product of p
and q does not compromise the secret key, which is computed from the
individual values of p and q.

The RSA public (encrypting) key consists of two 
integers, n and e, where n is the product n=(p)(q). 

22 Other public-key systems have been developed, some earlier than RSA,
but have not gained as wide an acceptance in commercial markets. There
continue to be new developments in public-key cryptography (see, e.g.,
S. Goldwasser, S. Micali, and R. Rivest, MIT Laboratory for Computer
Science, "A Digital Signature Scheme Secure Against Adaptive Chosen
Message Attack," Rev. Apr. 23, 1986), but some of these are of more
academic interest than immediate practicability for safeguarding
communications.

For discussions of the underlying mathematics, see Davies & Price, op.
cit., ch. 8; Rivest, Shamir, and Adelman in the February 1978
Communications of the ACM, and Hellman in the August 1979 Scientific
American, op. cit.; Computer Security, op. cit., pp. 112-115, has an
illustrated example.

The relationship between the RSA exponential functions used to encipher
and decipher follows from an identity due to Euler and Fermat which
demonstrates the properties that e and d must have, given p and q.

Certain special values of (p)(q) can be factored easily—when p and q
are nearly equal, for instance. These special cases need to be avoided
in selecting suitable keys.


If each block of the plaintext message is represented as an integer
between 0 and (n - 1), then encryption is accomplished by raising the
plaintext to the eth power, modulus n.

The secret (signing and/or decrypting) key, d, is computed from p, q,
and e as the "multiplicative inverse" of e, modulus (p-1)(q-1); that is,
the product of d and e is 1, modulus (p-1)(q-1). Thus, individual
knowledge of p and q are thought to be necessary to create the secret
key. Decryption is accomplished by raising the ciphertext to the dth
power, modulus n.
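The RSA arithmetic just described, and the hash-then-sign steps the appendix gives later under Digital Signatures, can be run end to end. This is an added example, not RSA Data Security's software: it uses the unpadded arithmetic exactly as the appendix states it, and the Miller-Rabin primality test, the value e = 65537, SHA-256 truncated to 128 bits as the digest, and all function names are assumptions.

```python
import hashlib
import math
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test (an assumed choice; the page names no primality test)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)  # random witness in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 768, e: int = 65537) -> dict:
    """768 bits is about 231 decimal digits ("200 digits or longer" on the
    page); current practice uses 2048 bits or more."""
    half = bits // 2
    while True:
        p, q = random_prime(half), random_prime(half)
        if abs(p - q).bit_length() <= max(half - 100, 1):
            continue  # p and q nearly equal: n would factor easily
        phi = (p - 1) * (q - 1)
        if math.gcd(e, phi) != 1:
            continue  # the test e must pass: no common factor with (p-1)(q-1)
        d = pow(e, -1, phi)  # product of d and e is 1, modulus (p-1)(q-1)
        return {"n": p * q, "e": e, "d": d, "p": p, "q": q}


def encrypt(block: int, n: int, e: int) -> int:
    if not 0 <= block < n:
        raise ValueError("plaintext block must be an integer in [0, n-1]")
    return pow(block, e, n)  # plaintext to the eth power, modulus n


def decrypt(cipher: int, n: int, d: int) -> int:
    return pow(cipher, d, n)  # ciphertext to the dth power, modulus n


def digest128(message: bytes) -> int:
    """128-bit digest; truncated SHA-256 stands in for the unnamed hash."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, n: int, d: int) -> int:
    """Encipher the message digest with the author's secret key."""
    return pow(digest128(message), d, n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Decipher with the supposed author's public key and compare digests."""
    return pow(signature, e, n) == digest128(message)


def demo() -> dict:
    key, other = generate_keypair(), generate_keypair()
    n, e, d = key["n"], key["e"], key["d"]
    block = int.from_bytes(b"constructed sample block", "big")
    text = b"Transfer 100.00 to account 1234"  # constructed sample message
    signature = sign(text, n, d)
    return {
        "round_trip": decrypt(encrypt(block, n, e), n, d) == block,
        "genuine": verify(text, signature, n, e),
        "altered_text": verify(text.replace(b"100", b"900"), signature, n, e),
        # Checking against someone else's public key fails, which is why the
        # verifier must know which public key really belongs to the author.
        "other_public_key": verify(text, signature, other["n"], other["e"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```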

It is possible to break the RSA cipher if the prime factors p and q can
be determined by factoring the value of n that was given in the public
key. Many factoring algorithms exist, some based on the work of Fermat,
Legendre, and Gauss. Others have been developed more recently to take
advantage of computers and special processors to do fast factorization.

Depending on the factorization method used, it is possible to estimate
the number of computational steps required to factor a number, n. The
number of steps and the speed with which they can be performed determine
the time required to factor n. The number of steps required to factor
n—thus, the work and time required to "break" the RSA cipher by the
factorization approach (finding p and q)—increases rapidly as the
number of digits in n increases. Thus, an important feature of the


According to Davies & Price, op. cit., pp. 242-244, theory shows that,
for the better-known factorization algorithms, the relationship between
the number of steps and n is exponential. In the early 1980s,
experimental work doing fast factorization using a number of techniques,
including special processors, pointed to a "limit" of 70 to 80 decimal
digits for factoring in one day.

Advances in theory and in microprocessor and computer technologies can
serve to make estimates of this type obsolete. For example, Rivest,
Shamir, and Adelman's 1978 article in the Communications of the ACM
(February 1978, p. 125) provided a table estimating the number of
operations required to factor n using the fastest-known method then.
Assuming that a computer was used and that each operation took one
microsecond, the authors estimated that a 50-decimal-digit value of n
could be factored in under 4 hours, a 75-digit value in 104 days, a
100-digit value in 74 years, and that a 200-decimal-digit n would require
almost 4 billion years to factor.

RSA cipher is that the desired level of security (measured by the work
required to break the cipher, or its "work factor") can be tailored from
a wide range of levels simply by varying the number of digits in the key.

Davies and Price report on a new factorization method using parallel
computation by special, large-scale integration (LSI) devices. Assuming
that the parallel LSI devices use 128-bit arithmetic and run off a
10-MHz clock, a 100-decimal-digit value of n would take a little over 2
years to factor, a 150-digit n would take 6,300 years to factor, and a
200-digit n would take 860,000 years to factor. Current implementations
of the cipher use keys of 200 digits or longer; that is, the number n
has 200 or more decimal digits.

Rivest, Shamir, and Adelman formed RSA Data Security, Inc., in 1982 and
obtained an exclusive license for their invention from MIT, which owned
the patent. RSA Data Security has developed proprietary software
packages implementing the RSA cipher on personal computer networks.
These packages, being marketed commercially, provide software-based
communication safeguards, including message authentication, digital
signatures, key management, and encryption. Another offering is designed
to safeguard data files and spreadsheets being transmitted between
intelligent workstations, electronic mail networks, and files being
stored locally. The RSA Data Security package that safeguards electronic
mail and spreadsheets sells for about $250, including one copy of the
program, a key generating program, and a registered and authenticated
user identification number.

Digital Signatures 

Encryption or message authentication alone can 
only safeguard a communication or transaction 
against the actions of third parties. They cannot 
fully protect one of the communicating parties 
from fraudulent actions by the other (forgery or 


See Davies & Price, op. cit., pp. 243-244.

27 Other in cryptography has also been patented and licensed. For
instance, Stanford University has four cryptography patents available
for licensing on a non-exclusive basis, for a wide range of potential
applications (including protection of tape and disk drives; time-shared
computers; satellite, microwave, and mobile radio communications
equipment; computer terminals; and electronic banking). Stanford
University considers that one of these patents (Public Key Cryptographic
Apparatus and Method, U.S. Patent #4,218,582, Aug. 19, 1980, Martin E.
Hellman and Ralph C. Merkle), covers any public-key system in any
implementation.

Source: Letter dated 9/29/86 to OTA from Lisa Kuuttila, Stanford Office
of Technology Licensing, Re: Stanford Dockets S77-012, -015, -048;
S78-080, "Encryption Technology."


repudiation of a message or transaction, for example) and cannot in
themselves resolve contractual disputes between the two parties.
Paper-based systems have long been based on mechanisms like letters of
introduction for identification of the parties, signatures for
authenticating a letter or contract, and sealing a (physical) envelope
for privacy. The contractual value of paper documents hinges on the
recognized legal validity of the signature and on the laws against
forgery.

It is possible to provide equivalent functions for electronic documents
by using a digital signature to authenticate the contents and also prove
who originated the document (because only one party knows the secret
information used to create the signature). A digital signature can be
created using a symmetric cipher (such as DES), but in general
asymmetric ciphers provide for more efficient operations. The digital
signature method in most common use commercially is based on the RSA
cipher. The digital signature can be used with encipherment if privacy
is required.

The equivalent of a "letter of introduction" is still necessary to
verify that the correct public key is used to check the digital
signature since an adversary might try to spoof the signature system by
substituting his or her own public key and signature for the real
author's. This letter of introduction could be accomplished by several
means. The RSA Data Security system provides "signed key server
certificates" by attaching the corporation's own digital signature to
the users' public keys so that users can attach their certified public
signature keys to their signed messages. Note that although a public-key
cipher system is used to set up the digital signature system, the actual
text of the message can be sent in plaintext, if desired, or it can be
encrypted using DES or the public-key cipher.

The RSA Data Security digital signature system works as follows:

First, a cryptographic "hashing" algorithm creates a shorter, 128-bit
"digest" of the message. The message digest, similar to a checksum, is
virtually


^®SeeDavies ^ general treatment of digital 

simatures and alternative methods. 

or example, if the RSA digital signature is used to sign and en¬ 
crypt, the sender's secret key is used to sign the message and the in¬ 
tended recipient's public key is used to encrypt the message. The recip¬ 
ient uses his secret key to decrypt the message and the sender's public 
key to check the signature. In practice, the RSA digital signature sys¬ 
tem is used to transmit a DES key for use in encrypting the text of 
a message because DES can be implemented in hardware and is much 
faster than using the RSA algorithm to encrypt text in software. 






App, D—Message Authentication, Public-Key Ciphers, and Digital Signatures *181 


unique^to each text. If a single bit of the plain¬ 
text message is altered, the message digest will 
change substantially. A one-way hashing function 
is used to prevent the document from being recon¬ 
structed from the digest. 

Next, the message digest is encrypted with the
author’s secret key. In the RSA system, each
key is the inverse of the other; that is, each key
can decipher text enciphered with the other key.
Therefore, using Party A's public key to decipher
a message into sensible plaintext proves that Party
A’s secret key was used to encipher the message.
The integrity of this system hinges on preventing
the secret key from being compromised and ensuring
that an imposter does not post his own public
key and pretend that it is the real Party A’s.


According to the vendor, the probability of two different plaintexts
having the same message digest is on the order of one in a trillion.

Note that for ordinary encryption to preserve privacy, the recipient's
public key is the one used to encrypt.


The enciphered message digest is attached to the 
text and both are sent to the intended recipient. 
The recipient removes the appended message digest
and runs the text of the message through the
same hashing function to produce his own copy of 
the message digest. Then, the recipient deciphers 
the message digest that was sent along with the 
message, using the supposed author’s public key. 

If the two message digests are identical, then 
the message did indeed come from the supposed 
author and the contents of the text were received 
exactly as sent, unless someone has learned the 
author’s secret key and used it to forge a message 
digest for a message of his own or one that he has 
altered. 

If the author wants to keep the text of the message
private, so that only the intended recipient
can read it, he or she can encrypt the signed message,
using the recipient’s public key. Then, the
recipient first uses his or her own secret key to 
decrypt the signed message before going through 
the procedure described above. 
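
The signing and checking procedure described above, together with the "letter of introduction" certificate, as an added example that is not code from the report or from RSA Data Security. Assumptions: toy keys built from Mersenne primes, unpadded textbook RSA, and the first 16 bytes of SHA-256 standing in for the 128-bit hash, which the text does not name; all function and variable names are illustrative.

```python
import hashlib

E = 65537  # public exponent (assumed; the report gives no key parameters)

def make_key(p, q):
    """Build ((n, e), (n, d)) = (public key, secret key) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message: bytes) -> int:
    """128-bit message digest (stand-in: first 16 bytes of SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def sign(message: bytes, secret) -> int:
    """Encipher the message digest with the author's secret key."""
    n, d = secret
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Decipher the attached digest with the public key, compare to our own."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def key_bytes(name: str, public) -> bytes:
    """Serialize a (name, public key) binding so it can be signed."""
    return f"{name}|{public[0]}|{public[1]}".encode()

def certify(name: str, public, certifier_secret) -> int:
    """'Letter of introduction': the certifier signs (name, public key)."""
    return sign(key_bytes(name, public), certifier_secret)

def verify_certified(message, signature, name, public, cert, certifier_public):
    """Accept a signature only if the key is certified for the claimed name."""
    return (verify(key_bytes(name, public), cert, certifier_public)
            and verify(message, signature, public))

# Constructed toy keys from Mersenne primes: demonstration only, not secure.
A_PUB, A_SEC = make_key(2**89 - 1, 2**107 - 1)          # Party A
CA_PUB, CA_SEC = make_key(2**107 - 1, 2**127 - 1)       # certifier
OTHER_PUB, OTHER_SEC = make_key(2**61 - 1, 2**127 - 1)  # uncertified key pair

MSG = b"Pay the bearer 100 dollars"  # constructed sample message
SIG = sign(MSG, A_SEC)
CERT_A = certify("Party A", A_PUB, CA_SEC)

if __name__ == "__main__":
    print("valid signature:", verify(MSG, SIG, A_PUB))
    print("certified as Party A:",
          verify_certified(MSG, SIG, "Party A", A_PUB, CERT_A, CA_PUB))
```

A signature made with the uncertified key still passes `verify` against that key's own public half, which is why the recipient checks the certificate before trusting the key: `verify_certified` rejects it when it is presented under Party A's name.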

Acronyms

ABA - American Bankers Association
ACE - American Council on Education
AICPA - American Institute of Certified Public Accountants
AITRC - Applied Information Technologies Research Center
ANSI - American National Standards Institute
ATM - Automatic Teller Machine
AT&T - American Telephone & Telegraph Co.
BAI - Bank Administration Institute
BJS - Bureau of Justice Statistics
CBC - Cipher Block Chaining
CCEP - Commercial Communications Endorsement Program
CFB - Cipher Feedback
CHIPS - Clearing House Interbank Payments System
CIA - Central Intelligence Agency
COMSEC - Communications Security
DCA - Defense Communications Agency
DCTN - Defense Commercial Telecommunications Network
DES - Data Encryption Standard
DIS - Defense Investigative Service
DoD - Department of Defense
DSA - Decimal Shift and Add [Algorithm]
DTS - Digital Termination System
EAR - Export Administration Regulations
EBDI - Electronic Business Data Interchange
EDI - Electronic Data Interchange
EDP - Electronic Data Processing
EFT - Electronic Fund Transfer
EIA - Electronic Industries Association
ESVN - Executive Secure Voice Network
FBI - Federal Bureau of Investigations
FCC - Federal Communications Commission
FIPS - Federal Information Processing Standards
FTS - Federal Telecommunications Service
GAO - Government Accounting Office